You can use this simplified resolver:

<bean
  class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
  p:attributeRepository-ref="attributeRepository" />

Example repository:

<bean
  class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
  p:baseDN="ou=users,dc=school,dc=ad,dc=school,dc=edu"
  p:query="(sAMAccountName={0})"
  p:contextSource-ref="contextSource">
  <property name="ldapAttributesToPortalAttributes">
    <map>
      <entry key="givenName" value="givenName" />
      <entry key="mail" value="mail" />
      <entry key="employeeID" value="employeeID" />
      <entry key="displayName" value="displayName" />
      <entry key="sn" value="sn" />
    </map>
  </property>
</bean>
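Two checks a deployer can run against the thread above, written here as an added example (not CAS, person-directory or Spring LDAP code): decoding the AD "data" sub-code that accompanies LDAP error 49 (the table covers the well-known codes beyond the 525 quoted below), and escaping the username before it is substituted into the `{0}` / `%u` search filters used in these configs. Whether CAS's own resolvers escape the value is not asserted; the escaping function is the check to apply if they do not.

```python
import re

# Well-known AD sub-codes returned in the "data NNN" field of LDAP error 49
# (invalidCredentials). 525 is the code quoted in this thread.
AD_BIND_DATA_CODES = {
    "525": "user not found (the bind DN / userDn does not resolve to an account)",
    "52e": "invalid credentials (account exists, password is wrong)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Constructed copy of the exception text quoted later in the thread.
THREAD_ERROR = ("org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - "
                "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525")

_DATA_RE = re.compile(r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+)")

def decode_ad_bind_error(message):
    """Return (data_code, meaning) for a JNDI/Spring LDAP error-49 message.
    (None, None) if no AD data code is present; (code, None) if it is unknown."""
    m = _DATA_RE.search(message)
    if not m:
        return None, None
    code = m.group(1).lower()
    return code, AD_BIND_DATA_CODES.get(code)

# RFC 4515 escapes for values placed inside an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def render_filter(template, username):
    """Fill either placeholder style seen in the thread ({0} for
    LdapPersonAttributeDao, %u for CredentialsToLDAPAttributePrincipalResolver)
    with an escaped username so filter metacharacters in the input are neutralised."""
    safe = escape_filter_value(username)
    return template.replace("{0}", safe).replace("%u", safe)

if __name__ == "__main__":
    print(decode_ad_bind_error(THREAD_ERROR))
    print(render_filter("(sAMAccountName={0})", "jwinter"))
    print(render_filter("(sAMAccountName=%u)", "*)(objectClass=*"))
```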
On Tue, Jun 16, 2009 at 4:04 PM, Scott Battaglia <[email protected]> wrote:
> Just a note that you can simplify your configuration and apply the
> "attributeRepository" directly to the
> UsernamePasswordCredentialsToPrincipalResolver. You usually only use the
> CredentialsToLdapAttributePrincipalResolver to map the username provided to
> something else.
>
>
> That said I don't see anything crazy off the top of my head, but I'll
> double check my AD config at home.
>
> Cheers,
> Scott
>
>
>
> On Tue, Jun 16, 2009 at 3:59 PM, Winter, James <[email protected]> wrote:
>
>> Inside of credentialsToPrincipalResolvers:
>>
>> <bean
>>   class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>>   <property name="credentialsToPrincipalResolver">
>>     <bean
>>       class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>   </property>
>>   <property name="filter" value="(sAMAccountName=%u)" />
>>   <property name="principalAttributeName" value="Name" />
>>   <property name="searchBase" value="CN=Users,DC=school,DC=edu" />
>>   <property name="contextSource" ref="contextSource" />
>>   <property name="attributeRepository">
>>     <ref bean="attributeRepository" />
>>   </property>
>> </bean>
>>
>> And the attributeRepository:
>>
>> <bean id="attributeRepository"
>>   class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>>   <property name="baseDN" value="cn=Users,dc=school,dc=edu" />
>>   <property name="query" value="(samAccountName={0})" />
>>   <property name="contextSource" ref="contextSource" />
>>   <property name="ldapAttributesToPortalAttributes">
>>     <map>
>>       <entry key="samAccountName" value="Name" />
>>       <entry key="EmailAddress" value="mail" />
>>     </map>
>>   </property>
>> </bean>
>>
>> This is the contextSource:
>>
>> <bean id="contextSource"
>>   class="org.springframework.ldap.core.support.LdapContextSource">
>>   <property name="urls">
>>     <list>
>>       <value>ldap://server.school.edu</value>
>>     </list>
>>   </property>
>>   <property name="userDn" value="{full DN for user}"/>
>>   <property name="password" value="{password}"/>
>>   <property name="baseEnvironmentProperties">
>>     <map>
>>       <entry>
>>         <key>
>>           <value>java.naming.security.authentication</value>
>>         </key>
>>         <value>simple</value>
>>       </entry>
>>     </map>
>>   </property>
>> </bean>
>>
>> *James Winter*
>>
>> 215.517.2588
>>
>> *From:* Scott Battaglia [mailto:[email protected]]
>> *Sent:* Tuesday, June 16, 2009 3:41 PM
>> *To:* [email protected]
>> *Subject:* Re: [cas-user] CAS and Active Directory
>>
>> Can you post your config minus the password and any other incriminating
>> evidence? Also, does the binding user have permission to see the attributes
>> you're trying to retrieve?
>>
>> Cheers,
>> Scott
>>
>> On Tue, Jun 16, 2009 at 3:40 PM, Winter, James <[email protected]> wrote:
>>
>> I am using the same contextSource, yes.
>>
>> *James Winter*
>>
>> 215.517.2588
>>
>> *From:* Scott Battaglia [mailto:[email protected]]
>> *Sent:* Tuesday, June 16, 2009 3:37 PM
>> *To:* [email protected]
>> *Subject:* Re: [cas-user] CAS and Active Directory
>>
>> According to my quick google search, that usually means an error in the
>> username provided to bind. Are you using the same LdapContextSource for the
>> bind authentication handler AND the attribute stuff?
>>
>> Cheers,
>> Scott
>>
>> On Tue, Jun 16, 2009 at 3:18 PM, James Winter <[email protected]> wrote:
>>
>> I always get this error:
>>
>> org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
>> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
>> 525
>>
>> But again, the authentication itself works correctly, just not any of the
>> attributes. I think I just need an example deployerConfigContext to get me
>> started. I cobbled together some examples, but I didn't get very far.
>> --
>>
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user