Replace the UsernamePasswordCredentialsToPrincipalResolver bean defined in the AuthenticationManagerImpl bean with the following:

<bean id="ldapAttributeResolver"
      class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver"
      p:credentialsToPrincipalResolver-ref="usernamePasswordCredentialsToPrincipalResolver"
      p:contextSource-ref="contextSource"
      p:filter="(|(sAMAccountName=%u)(mail=%u))"
      p:principalAttributeName="sAMAccountName"
      p:searchBase="ou=Users,dc=example,dc=com" />

That will create a resolver that performs a query using the same filter as your authentication filter, and maps the value of sAMAccountName in the results to a new principal ID. It's really only valuable when the user authenticates with an email address, but it's a generalized solution in any case.

Note you will need to define a UsernamePasswordCredentialsToPrincipalResolver top-level bean somewhere with the name "usernamePasswordCredentialsToPrincipalResolver" if you use the exact definition above, since it uses a reference to locate the delegated C-to-P resolver.

We probably need an example of this on the wiki. If you could confirm this works for you, or provide any tweaks you needed to get it to work, I'd appreciate it since I did this from memory/looking at code. I think a working example would be a generally useful addition to http://www.ja-sig.org/wiki/display/CASUM/LDAP.

M
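
How the two beans described in the message above fit together in a CAS 3.x deployerConfigContext.xml, as an added example that is not part of the original message or the project's own configuration. It assumes the p: namespace is declared on the <beans> root, that a "contextSource" bean already exists, that authentication uses a BindLdapAuthenticationHandler with the same filter, and that the stock HTTP-based resolver and handler are left in place.

```xml
<!-- Added example, not from the original message. -->

<!-- Top-level delegate located by name through p:credentialsToPrincipalResolver-ref below -->
<bean id="usernamePasswordCredentialsToPrincipalResolver"
      class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <!-- Takes the place of the inline UsernamePasswordCredentialsToPrincipalResolver bean.
           The LDAP lookup maps whatever the user typed (account name or mail)
           to the sAMAccountName value, which becomes the principal ID. -->
      <bean id="ldapAttributeResolver"
            class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver"
            p:credentialsToPrincipalResolver-ref="usernamePasswordCredentialsToPrincipalResolver"
            p:contextSource-ref="contextSource"
            p:filter="(|(sAMAccountName=%u)(mail=%u))"
            p:principalAttributeName="sAMAccountName"
            p:searchBase="ou=Users,dc=example,dc=com" />
      <!-- Assumed: stock resolver for proxy callback credentials, unchanged -->
      <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
  </property>
  <property name="authenticationHandlers">
    <list>
      <!-- Assumed: stock handler for proxy callback credentials, unchanged -->
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
      <!-- Assumed: the existing LDAP handler. Its filter and search base match the
           resolver's, so the entry that authenticated is the entry that gets resolved. -->
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
            p:filter="(|(sAMAccountName=%u)(mail=%u))"
            p:searchBase="ou=Users,dc=example,dc=com"
            p:contextSource-ref="contextSource" />
    </list>
  </property>
</bean>
```

Keeping the resolver's filter and search base identical to the handler's matters: if they drift apart, the principal ID can be taken from a different directory entry than the one whose password was checked.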
