Ashima wrote:
> I am using BindLdapAuthenticationHandler for authentication. I am
> extracting additional attributes using 'attributeRepository' as
> follows:-
>
> <bean id="attributeRepository"
>
> class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
> <property name="baseDN" value="ou=people,dc=XXXX,dc=edu" />
> <property name="query" value="(tEduPersonNetID={0})" />
> <property name="contextSource" ref="contextSource" />
> <property name="ldapAttributesToPortalAttributes">
> <map>
> <entry key="tEduPersonNetID"
> value="tEduPersonNetID" />
> <entry key="tEduPersonUIN"
> value="tEduPersonUIN" />
> <entry key="tStatus" value="tStatus" />
> </map>
> </property>
> </bean>
>
> My requirement is that even if username and password combination is
> authenticated successfully, but if the attribute 'tStatus' has value
> 'false' then do not log-in the user.
So why not just extend the filter when searching the user's entry? Doing
this particular filtering in attributeRepository configuration is IMHO
too late anyway.
So for BindLdapAuthenticationHandler set
<property name="filter" value="(&(uid=%u)(tStatus=TRUE))" />
Not sure if you use 'uid' as the user ID to search for. So put in here
what fits your needs. But I guess you get the idea.
Ciao, Michael.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
