I know this isn't the best place to put this, since PersonDirectory is more
of an extension of CAS than an integral part. But given that I've seen so
many people post questions about it, I hope I'll be forgiven for doing the
same.

Authentication on our system is done via 3 separate sources: an MS-AD, an
(archaic) LDAP server and a small MySQL database for those people who can't
be put in either of the other 2 (for whatever reason). Given that I want
attributes to be available for everyone, 3 different kinds of
attribute repository exist too, the most important ones being:

        <bean id="attributeRepositoryActiveDirectory"
              class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
            <property name="contextSource"
                      ref="contextSourceStudentActiveDirectory" />
            <property name="baseDN" value="ou=*****,dc=*****,dc=*****" />
            <property name="queryAttributeMapping">
                <map>
                    <entry key="username" value="mail" />
                </map>
            </property>
            <property name="resultAttributeMapping">
                <map>
                    <entry key="username" value="uid" />
                    <entry key="mail" value="email" />
                    <entry key="sn" value="last_name" />
                    <entry key="givenName" value="first_name" />
                    <entry key="department" value="group" />
                </map>
            </property>
        </bean>

... for the attributes from the active directory and ....

        <bean id="attributeRepositoryMySQL"
              class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
            <constructor-arg index="0" ref="dataSourceMySQLExternalUsers" />
            <constructor-arg index="1" value="SELECT * FROM users WHERE {0}" />
            <property name="queryAttributeMapping">
                <map>
                    <entry key="username" value="email" />
                </map>
            </property>
            <property name="resultAttributeMapping">
                <map>
                    <entry value="uid" key="email" />
                    <entry value="first_name" key="firstname" />
                    <entry value="last_name" key="lastname" />
                    <entry value="email" key="email" />
                    <entry value="affiliation" key="affiliation" />
                    <entry value="group" key="group" />
                </map>
            </property>
        </bean>

... for the MySQL database.

The active directory is used to authenticate students, but since there is no
attribute present for that, it's not in the resultset either. There are
plenty of ways to catch this other than with CAS, but I want this dealt with
in a clean way.

The simplest solution seemed to me to merge the
attributeRepositoryActiveDirectory with an extra PersonAttributeDao of a
more "static" variety by means of MergingPersonAttributeDaoImpl. This left
me wondering what kind of PersonAttributeDao I should be using to define a
static attribute for my principal? In our case affiliation coming from the
MS-AD would always be "student".

It sounds more or less like something the StubPersonAttributeDao would do
(and actually does too) but since no name / uid is set when using it, I just
get these kinds of entries in the log:

2009-08-18 14:14:33,646 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
Aggregated search results
'[namedpersonimpl[[email protected],attributes={email=[[email protected]],
last_name=[Mouse], first_name=[Mickey], group=[Magical Kingdom]}],
AttributeNamedPersonImpl[name=<null>,attributes={affiliation=[student]}]]'
for query='{username=[[email protected]]}'

And an error message which (obviously) says 2 results were returned and only
1 was expected. Am I correct in assuming this is because of the fact that
the second "name" is null ... and if so, can this be fixed?
-- 
View this message in context: 
http://www.nabble.com/CAS-Attributes-tp25025959p25025959.html
Sent from the CAS Users mailing list archive at Nabble.com.
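
Added example, not part of the original post and not Person Directory code: a simplified Java model of name-keyed result aggregation, showing how a static result with a null name stays a second entry like the one in the log above. The `Person` record and `merge` method are hypothetical, keying on the person name is an assumption read off that log line, and the sample data is constructed.

```java
import java.util.*;

// Simplified model of name-keyed result merging. Not Person Directory code:
// the Person record and merge() are hypothetical, and keying on the person
// name is an assumption taken from the log line in the post.
public class MergeByNameDemo {
    record Person(String name, Map<String, List<String>> attributes) {}

    // Fold results from several sources together; results only combine
    // when they carry the same non-null name.
    static List<Person> merge(List<Person> results) {
        Map<String, Map<String, List<String>>> byName = new LinkedHashMap<>();
        List<Person> unnamed = new ArrayList<>();
        for (Person p : results) {
            if (p.name() == null) {   // no name, so nothing to match on
                unnamed.add(p);
                continue;
            }
            Map<String, List<String>> target =
                byName.computeIfAbsent(p.name(), k -> new LinkedHashMap<>());
            p.attributes().forEach((k, v) ->
                target.computeIfAbsent(k, x -> new ArrayList<>()).addAll(v));
        }
        List<Person> merged = new ArrayList<>();
        byName.forEach((name, attrs) -> merged.add(new Person(name, attrs)));
        merged.addAll(unnamed);
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample data shaped like the log entry in the post.
        Person directory = new Person("mickey@example.org", Map.of(
            "last_name", List.of("Mouse"), "first_name", List.of("Mickey")));
        Person stub = new Person(null,
            Map.of("affiliation", List.of("student")));
        Person namedStub = new Person("mickey@example.org",
            Map.of("affiliation", List.of("student")));

        // Case 1: the static result has no name and stays a separate entry.
        System.out.println(merge(List.of(directory, stub)).size());
        // Case 2: the same static attributes under the queried name fold in.
        List<Person> folded = merge(List.of(directory, namedStub));
        System.out.println(folded.size() + " " + folded.get(0).attributes().keySet());
    }
}
```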

