It should go on this bean: AuthenticatedLdapContextSource -Scott

On Tue, Mar 10, 2009 at 2:54 PM, Johan Reinalda <[email protected]> wrote:

>> Just to add to Scott's comment, you need to set
>> ignorePartialResults=true on the LdapContextSource that is being used
>> by LdapPersonAttributeDao.
>
> Again a dumb question, where exactly does this go?
>
> I've tried at the 3 different possible locations that I can think of and
> added the following:
>
> <property name="ignorePartialResultException" value="yes" />
>
> I also tried the form "ignorePartialResult" ... (6 variations all together)
>
> They all throw similar errors like such:
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name
> 'org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver#fadb88'
> defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]:
> Error setting property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid property
> 'ignorePartialResultException' of bean class
> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]:
> Bean property 'ignorePartialResultException' is not writable or has an
> invalid setter method. Does the parameter type of the setter match the
> return type of the getter?
>
> Below is the relevant piece of my deploy file, with the ignore added to
> where I think it should be ???
>
> Johan
>
> <property name="credentialsToPrincipalResolvers">
>   <list>
>
>     <!--
>       add LDAP attributes, used for SAML to Google Apps to pass the
>       'mail' attribute instead of uid
>       See more at http://www.ja-sig.org/wiki/display/CASUM/Attributes
>     -->
>     <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>       <!-- The Principal resolver from the credentials, ie get the username -->
>       <property name="credentialsToPrincipalResolver">
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>       </property>
>
>       <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
>       <property name="filter" value="(sAMAccountName=%u)" />
>
>       <!-- The attribute used to define the new Principal ID -->
>       <property name="principalAttributeName" value="sAMAccountName" />
>
>       <property name="searchBase" value="dc=ad,dc=t-bird,dc=edu" />
>
>       <property name="contextSource" ref="contextSourceLdapAttributes" />
>
>       <!-- fix because of how AD returns results -->
>       <property name="ignorePartialResultException" value="yes" />
>
>       <!-- use the attrib repository defined below -->
>       <property name="attributeRepository">
>         <ref bean="attribRepository" />
>       </property>
>     </bean>
>
>     <!-- the original cred to principal resolvers -->
>     <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>     <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>
>   </list>
> </property>
>
> <!-- context source for LDAP attribute resolution, used by CredentialsToPrincipalResolver -->
> <bean id="contextSourceLdapAttributes"
>       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>   <property name="urls">
>     <list>
>       <value>ldap://dc1.ad.t-bird.edu/</value>
>       <value>ldap://dc3.ad.t-bird.edu/</value>
>       <value>ldap://dc4.ad.t-bird.edu/</value>
>     </list>
>   </property>
>
>   <property name="userName" value="cn=xxxx,ou=xxxx,dc=ad,dc=t-bird,dc=edu" />
>
>   <property name="password" value="xxx" />
>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry>
>         <key>
>           <value>java.naming.security.authentication</value>
>         </key>
>         <value>simple</value>
>       </entry>
>
>       <!--
>         Set the LDAP connect and read timeout (in ms) for the java ldap class
>         See http://java.sun.com/products/jndi/tutorial/ldap/connect/create.html
>       -->
>       <entry>
>         <key>
>           <value>com.sun.jndi.ldap.connect.timeout</value>
>         </key>
>         <value>2000</value>
>       </entry>
>       <entry>
>         <key>
>           <value>com.sun.jndi.ldap.read.timeout</value>
>         </key>
>         <value>2000</value>
>       </entry>
>       <!--
>       <entry>
>         <key>
>           <value>java.naming.ldap.derefAliases</value>
>         </key>
>         <value>never</value>
>       </entry>
>       -->
>
>     </map>
>   </property>
> </bean>
>
> <!-- the attribute repository bean for mapping LDAP attributes to Principal attributes -->
> <bean id="attribRepository"
>       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>   <property name="baseDN" value="dc=ad,dc=t-bird,dc=edu" />
>   <!--
>     This query is used to find the entry for populating attributes.
>     {0} will be replaced by the new Principal ID extracted from the ldap
>   -->
>   <property name="query" value="(sAMAccountName={0})" />
>
>   <property name="contextSource" ref="contextSourceLdapAttributes" />
>
>   <property name="ldapAttributesToPortalAttributes">
>     <map>
>       <!-- Mapping between LDAP entry's attributes (key) and Principal's (value) -->
>       <entry key="cn" value="Name" />
>       <entry key="givenName" value="FirstName" />
>       <entry key="sn" value="LastName" />
>       <entry key="mail" value="EmailAddress" />
>     </map>
>   </property>
> </bean>
>
> ----- Original Message -----
> From: "Marvin Addison" <[email protected]>
> To: <[email protected]>
> Sent: Tuesday, March 10, 2009 9:36 AM
> Subject: Re: [cas-user] Credentials from LDAP To Principal &
>
>> Just to add to Scott's comment, you need to set
>> ignorePartialResults=true on the LdapContextSource that is being used
>> by LdapPersonAttributeDao.
>>
>> Additionally, you are correct that
>> CredentialsToLDAPAttributePrincipalResolver has completed
>> successfully.
>>
>> M
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
