Here's what I had:
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
<property name="personAttributeDaos">
<list>
<bean
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
p:baseDN="ou=NewUsers,dc=staff,dc=ad,dc=university,dc=edu"
p:query="(sAMAccountName={0})"
p:contextSource-ref="contextSource1">
<property name="ldapAttributesToPortalAttributes">
<map>
<entry key="givenName" value="givenName"/>
<entry key="mail" value="mail" />
<entry key="employeeID" value="employeeID" />
<entry key="displayName" value="displayName" />
<entry key="sn" value="sn" />
</map>
</property>
</bean>
<bean
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
p:baseDN="ou=NewUsers,dc=student,dc=ad,dc=university,dc=edu"
p:query="(sAMAccountName={0})"
p:contextSource-ref="contextSource2">
<property name="ldapAttributesToPortalAttributes">
<map>
<entry key="givenName" value="givenName"/>
<entry key="mail" value="mail" />
<entry key="displayName" value="displayName" />
<entry key="sn" value="sn" />
</map>
</property>
</bean>
</list>
</property>
</bean>
In this particular instance the attributes were slightly different per AD
server (this was two different AD servers, but conceptually it should be the
same).
Cheers,
Scott
On Wed, Jun 17, 2009 at 10:04 AM, Scott Battaglia <[email protected]
> wrote:
> I have an example configuration at home that uses to repositories in
> combination with a MergingAttributeDao. It may be helpful, but I won't get
> to it until I'm at home, so if you find one before then.. ;-)
>
> The documentation for PersonDirectory is actually pretty good:
> http://developer.jasig.org/projects/person-directory/1.1.2/
>
> Cheers,
> Scott
>
>
>
> On Wed, Jun 17, 2009 at 10:00 AM, Marvin Addison <[email protected]
> > wrote:
>
>> > 1. For Active Directory, what if users are split into different OUs in a
>> > domain? For instance, staff in a "Staff" OU and students in a "Students"
>> > OU directly in the root of the domain. I tried leaving the baseDN for
>> > the attributeRepository as "dc=school,dc=edu" but that gets a
>> > continuation error. Is there a way to search multiple OUs?
>>
>> The error above is a known issue,
>> http://www.ja-sig.org/issues/browse/PERSONDIR-53. It _would_ be
>> possible to search below the OU level if the PersonDirectory
>> developers would simply apply the patch that Scott attached to that
>> issue, but their lack of movement on the issue to date suggests it
>> won't be fixed in the near future. Sorry.
>>
>> The workaround is to create multiple attribute repository beans, each
>> with the scope of the OU you wish to search. We do something similar
>> where different authentication handlers produce different principals,
>> requiring different LDAP queries for attributes. We handle that using
>> two attribute repositories and it works well. I recall, but don't
>> have a reference, that others have posted to the list with a use case
>> similar to yours and have solved the problem with multiple attribute
>> repositories. You might try searching the archives for those if you
>> would like some concrete configuration examples.
>>
>> Good luck,
>> M
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
