Just to add to Scott's comment, you need to set
ignorePartialResults=true on the LdapContextSource that is being used
by LdapPersonAttributeDao.
Again a dumb question, where exactly does this go?
I've tried the 3 different possible locations that I can think of and
added the following:
<property name="ignorePartialResultException" value="yes" />
I also tried the form "ignorePartialResult" ... (6 variations altogether)
They all throw similar errors such as:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver#fadb88'
defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error setting property values;
nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property
'ignorePartialResultException' of bean class
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]:
Bean property 'ignorePartialResultException' is not writable or has an invalid setter method.
Does the parameter type of the setter match the return type of the getter?
Below is the relevant piece of my deploy file, with the ignore added
where I think it should be ???
Johan
<property name="credentialsToPrincipalResolvers">
    <list>
        <!--
            add LDAP attributes, used for SAML to Google Apps to pass the
            'mail' attribute instead of uid
            See more at http://www.ja-sig.org/wiki/display/CASUM/Attributes
        -->
        <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
            <!-- The Principal resolver from the credentials, i.e. get the username -->
            <property name="credentialsToPrincipalResolver">
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            </property>
            <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
            <property name="filter" value="(sAMAccountName=%u)" />
            <!-- The attribute used to define the new Principal ID -->
            <property name="principalAttributeName" value="sAMAccountName" />
            <property name="searchBase" value="dc=ad,dc=t-bird,dc=edu" />
            <property name="contextSource" ref="contextSourceLdapAttributes" />
            <!-- fix because of how AD returns results -->
            <property name="ignorePartialResultException" value="yes" />
            <!-- use the attrib repository defined below -->
            <property name="attributeRepository">
                <ref bean="attribRepository" />
            </property>
        </bean>
        <!-- the original cred to principal resolvers -->
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
</property>

<!-- context source for LDAP attribute resolution, used by CredentialsToPrincipalResolver -->
<bean id="contextSourceLdapAttributes"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
        <list>
            <value>ldap://dc1.ad.t-bird.edu/</value>
            <value>ldap://dc3.ad.t-bird.edu/</value>
            <value>ldap://dc4.ad.t-bird.edu/</value>
        </list>
    </property>
    <property name="userName" value="cn=xxxx,ou=xxxx,dc=ad,dc=t-bird,dc=edu" />
    <property name="password" value="xxx" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key><value>java.naming.security.authentication</value></key>
                <value>simple</value>
            </entry>
            <!--
                Set the LDAP connect and read timeout (in ms) for the java ldap class
                See http://java.sun.com/products/jndi/tutorial/ldap/connect/create.html
            -->
            <entry>
                <key><value>com.sun.jndi.ldap.connect.timeout</value></key>
                <value>2000</value>
            </entry>
            <entry>
                <key><value>com.sun.jndi.ldap.read.timeout</value></key>
                <value>2000</value>
            </entry>
            <!--
            <entry>
                <key><value>java.naming.ldap.derefAliases</value></key>
                <value>never</value>
            </entry>
            -->
        </map>
    </property>
</bean>

<!-- the attribute repository bean for mapping LDAP attributes to Principal attributes -->
<bean id="attribRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="baseDN" value="dc=ad,dc=t-bird,dc=edu" />
    <!--
        This query is used to find the entry for populating attributes.
        {0} will be replaced by the new Principal ID extracted from the ldap
    -->
    <property name="query" value="(sAMAccountName={0})" />
    <property name="contextSource" ref="contextSourceLdapAttributes" />
    <property name="ldapAttributesToPortalAttributes">
        <map>
            <!-- Mapping between LDAP entry's attributes (key) and Principal's (value) -->
            <entry key="cn" value="Name" />
            <entry key="givenName" value="FirstName" />
            <entry key="sn" value="LastName" />
            <entry key="mail" value="EmailAddress" />
        </map>
    </property>
</bean>
----- Original Message -----
From: "Marvin Addison" <[email protected]>
To: <[email protected]>
Sent: Tuesday, March 10, 2009 9:36 AM
Subject: Re: [cas-user] Credentials from LDAP To Principal &
Just to add to Scott's comment, you need to set
ignorePartialResults=true on the LdapContextSource that is being used
by LdapPersonAttributeDao.
Additionally, you are correct that
CredentialsToLDAPAttributePrincipalResolver has completed
successfully.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
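The error in the thread is the container rejecting the property on a bean that has no setter for it. As an added illustration (not configuration from the thread, from CAS or from the person-directory project), the fragment below shows the setting placed on the Spring LDAP `LdapTemplate`, which is the class that actually exposes `ignorePartialResultException`, and wired into the attribute repository. It assumes that the `LdapPersonAttributeDao` version in use accepts an `ldapTemplate` property in addition to `contextSource` (if only `contextSource` is exposed, the template cannot be injected this way); the bean ids and DN values are placeholders. For background: Active Directory returns referrals to other naming contexts when a subtree search starts at the domain root, and the JNDI provider surfaces them as `PartialResultException` unless told to follow them. Ignoring the exception silently drops those referral results, so the second fragment shows the alternative of setting `java.naming.referral=follow` on the context source, which requires the referred-to hosts to be reachable from the CAS server.

```xml
<!-- Added example, not part of the original thread. The LdapTemplate is the
     bean that owns the ignorePartialResultException property; the resolver
     bean in the thread has no setter for it, hence the NotWritablePropertyException. -->
<bean id="ldapTemplateAttributes" class="org.springframework.ldap.core.LdapTemplate">
    <property name="contextSource" ref="contextSourceLdapAttributes" />
    <!-- Swallow the PartialResultException that AD raises for referrals on a
         subtree search from the domain root. Referral results are discarded. -->
    <property name="ignorePartialResultException" value="true" />
</bean>

<bean id="attribRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="baseDN" value="dc=example,dc=edu" />
    <property name="query" value="(sAMAccountName={0})" />
    <!-- Assumption: this LdapPersonAttributeDao exposes an ldapTemplate property.
         Injecting the template instead of the raw contextSource is what carries
         the ignorePartialResultException setting into the attribute lookup. -->
    <property name="ldapTemplate" ref="ldapTemplateAttributes" />
    <property name="ldapAttributesToPortalAttributes">
        <map>
            <entry key="cn" value="Name" />
            <entry key="givenName" value="FirstName" />
            <entry key="sn" value="LastName" />
            <entry key="mail" value="EmailAddress" />
        </map>
    </property>
</bean>

<!-- Alternative: have JNDI chase the AD referrals instead of ignoring them.
     java.naming.referral is the standard JNDI Context.REFERRAL key. The
     referred-to domain controllers must be reachable, or searches will hang
     until the connect timeout expires. -->
<bean id="contextSourceLdapAttributes"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
        <list>
            <value>ldap://dc1.example.edu/</value>
        </list>
    </property>
    <property name="userName" value="cn=svc-cas,ou=service,dc=example,dc=edu" />
    <property name="password" value="changeme" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.security.authentication" value="simple" />
            <entry key="java.naming.referral" value="follow" />
            <entry key="com.sun.jndi.ldap.connect.timeout" value="2000" />
            <entry key="com.sun.jndi.ldap.read.timeout" value="2000" />
        </map>
    </property>
</bean>
```

Pick one of the two approaches, not both: with `ignorePartialResultException=true` the search completes with whatever the queried controller holds locally, while `follow` widens the search to the referred-to naming contexts at the cost of extra connections and a larger failure surface if those hosts are unreachable.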