Oh wow, my apologies! I completely messed that up. We added it to the authentication handlers and it passes it down to the correct Spring LDAP stuff. I'll need to do the same for the CredentialsToPrincipalResolver then. Can someone open a JIRA issue for this?
Thanks
-Scott

On Tue, Mar 10, 2009 at 3:31 PM, Johan Reinalda <[email protected]> wrote:

> Just did that, and get this
>
> Caused by: org.springframework.beans.NotWritablePropertyException: Invalid property 'ignorePartialResultException' of bean class [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]: Bean property 'ignorePartialResultException' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
>
> Ideas ?
>
> Johan
>
> ----- Original Message -----
> *From:* Scott Battaglia <[email protected]>
> *To:* [email protected]
> *Sent:* Tuesday, March 10, 2009 11:56 AM
> *Subject:* Re: [cas-user] Credentials from LDAP To Principal &
>
> It should go on this bean: AuthenticatedLdapContextSource
>
> -Scott
>
> On Tue, Mar 10, 2009 at 2:54 PM, Johan Reinalda <[email protected]> wrote:
>
>>> Just to add to Scott's comment, you need to set
>>> ignorePartialResults=true on the LdapContextSource that is being used
>>> by LdapPersonAttributeDao.
>>
>> Again a dumb question, where exactly does this go?
>>
>> I've tried at the 3 different possible locations that I can think of and added the following:
>>
>> <property name="ignorePartialResultException" value="yes" />
>>
>> I also tried the form "ignorePartialResult" ... (6 variations all together)
>>
>> They all throw similar errors like such:
>>
>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver#fadb88' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'ignorePartialResultException' of bean class [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]: Bean property 'ignorePartialResultException' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
>>
>> Below are the relevant pieces of my deploy file, with the ignore added to where I think it should be ???
>>
>> Johan
>>
>> <property name="credentialsToPrincipalResolvers">
>>     <list>
>>
>>         <!--
>>             add LDAP attributes, used for SAML
>>             to Google Apps to pass the 'mail' attribute instead of uid
>>             See more at http://www.ja-sig.org/wiki/display/CASUM/Attributes
>>         -->
>>         <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>>             <!-- The Principal resolver from the credentials, i.e. get the username -->
>>             <property name="credentialsToPrincipalResolver">
>>                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>             </property>
>>
>>             <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
>>             <property name="filter" value="(sAMAccountName=%u)" />
>>
>>             <!-- The attribute used to define the new Principal ID -->
>>             <property name="principalAttributeName" value="sAMAccountName" />
>>
>>             <property name="searchBase" value="dc=ad,dc=t-bird,dc=edu" />
>>
>>             <property name="contextSource" ref="contextSourceLdapAttributes" />
>>
>>             <!-- fix because of how AD returns results -->
>>             <property name="ignorePartialResultException" value="yes" />
>>
>>             <!-- use the attrib repository defined below -->
>>             <property name="attributeRepository">
>>                 <ref bean="attribRepository" />
>>             </property>
>>         </bean>
>>
>>         <!-- the original cred to principal resolvers -->
>>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>>
>>     </list>
>> </property>
>>
>> <!-- context source for LDAP attribute resolution, used by CredentialsToPrincipalResolver -->
>> <bean id="contextSourceLdapAttributes" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>>     <property name="urls">
>>         <list>
>>             <value>ldap://dc1.ad.t-bird.edu/</value>
>>             <value>ldap://dc3.ad.t-bird.edu/</value>
>>             <value>ldap://dc4.ad.t-bird.edu/</value>
>>         </list>
>>     </property>
>>
>>     <property name="userName" value="cn=xxxx,ou=xxxx,dc=ad,dc=t-bird,dc=edu" />
>>
>>     <property name="password" value="xxx" />
>>
>>     <property name="baseEnvironmentProperties">
>>         <map>
>>             <entry>
>>                 <key>
>>                     <value>java.naming.security.authentication</value>
>>                 </key>
>>                 <value>simple</value>
>>             </entry>
>>
>>             <!--
>>                 Set the LDAP connect and read timeout (in ms) for the java ldap class
>>                 See http://java.sun.com/products/jndi/tutorial/ldap/connect/create.html
>>             -->
>>             <entry>
>>                 <key>
>>                     <value>com.sun.jndi.ldap.connect.timeout</value>
>>                 </key>
>>                 <value>2000</value>
>>             </entry>
>>             <entry>
>>                 <key>
>>                     <value>com.sun.jndi.ldap.read.timeout</value>
>>                 </key>
>>                 <value>2000</value>
>>             </entry>
>>             <!--
>>             <entry>
>>                 <key>
>>                     <value>java.naming.ldap.derefAliases</value>
>>                 </key>
>>                 <value>never</value>
>>             </entry>
>>             -->
>>
>>         </map>
>>     </property>
>> </bean>
>>
>> <!-- the attribute repository bean for mapping LDAP attributes to Principal attributes -->
>> <bean id="attribRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>>     <property name="baseDN" value="dc=ad,dc=t-bird,dc=edu" />
>>     <!--
>>         This query is used to find the entry for populating attributes.
>>         {0} will be replaced by the new Principal ID extracted from the ldap
>>     -->
>>     <property name="query" value="(sAMAccountName={0})" />
>>
>>     <property name="contextSource" ref="contextSourceLdapAttributes" />
>>
>>     <property name="ldapAttributesToPortalAttributes">
>>         <map>
>>             <!-- Mapping between LDAP entry's attributes (key) and Principal's (value) -->
>>             <entry key="cn" value="Name"/>
>>             <entry key="givenName" value="FirstName" />
>>             <entry key="sn" value="LastName" />
>>             <entry key="mail" value="EmailAddress" />
>>         </map>
>>     </property>
>> </bean>
>>
>> ----- Original Message -----
>> From: "Marvin Addison" <[email protected]>
>> To: <[email protected]>
>> Sent: Tuesday, March 10, 2009 9:36 AM
>> Subject: Re: [cas-user] Credentials from LDAP To Principal &
>>
>>> Just to add to Scott's comment, you need to set
>>> ignorePartialResults=true on the LdapContextSource that is being used
>>> by LdapPersonAttributeDao.
>>>
>>> Additionally, you are correct that
>>> CredentialsToLDAPAttributePrincipalResolver has completed
>>> successfully.
>>>
>>> M
>>>
>>> --
>>> You are currently subscribed to [email protected] as: [email protected]
>>> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
