Hi guys,
I'm doing a Google Integration for my company and I have a problem
getting attributes from AD.
Since I want to work with SPNEGO to get my user authenticated without typing
anything, I need to extract the mail attribute of the user being logged in,
because Google uses the mail to perform the authentication.
I've already made a prototype using form authentication with
CredentialsToLDAPAttributePrincipalResolver, using principalAttributeName to
get the mail without any problem.
So to get the mail of the user being authenticated, I use the
attributeRepository tips found on the wiki.
But I'm running into an error because of AD referrals when we don't get the user
from CN=Users and use the baseDN instead. Every LDAP search ends in a
PartialResultException. To avoid that, I tried to use an ldapTemplate instead of
the contextSource, specifying ignorePartialResultException=true, but even if
the exception is thrown, attributes aren't being set for the user.
I also tried to set java.naming.referral on the contextSource to follow
or ignore, and still no error but nothing is extracted.
SPNEGO works fine and gets the user's sAMAccountName. From that I'm trying to get
the user information.
What is being shown in the log:
2010-03-05 12:12:10,979 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
seed map='{username=[admgoogle]}' for uid='admgoogle'
2010-03-05 12:12:10,979 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding
attribute 'sAMAccountName' with value '[admgoogle]' to query builder 'null'
2010-03-05 12:12:10,979 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Generated query builder '(sAMAccountName=admgoogle)' from query Map
{username=[admgoogle]}.
Then the exception is thrown and ... nothing else. Setting the referral to
nothing, CAS breaks; follow or ignore don't break but don't extract the
value.
Here is some configuration that may be helpful to understand if there is a
misconfiguration on my side:
<!-- SPNEGO resolver: the sAMAccountName it obtains is fed to the attribute repository below -->
<bean
    class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver">
    <property name="attributeRepository">
        <ref bean="attribRepository" />
    </property>
</bean>

<!-- LDAP person attribute DAO: searches AD for the user and maps the returned attributes -->
<bean id="attribRepository"
    class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <!--<property name="ldapTemplate" ref="ldapTemplate" /> -->
    <property name="contextSource" ref="contextSource" />
    <!-- Searching from the domain root is what makes AD return referrals -->
    <property name="baseDN" value="DC=adisseo,DC=local" />
    <!-- {0} is replaced by the generated (sAMAccountName=...) filter; the '&' must be escaped in XML -->
    <property name="queryTemplate" value="(&amp;{0}(objectclass=user))"/>
    <property name="searchControls">
        <bean class="javax.naming.directory.SearchControls">
            <property name="countLimit" value="1" />
            <property name="timeLimit" value="5000" />
            <property name="returningObjFlag" value="true" />
        </bean>
    </property>
    <!-- Principal attribute 'username' becomes the AD attribute 'sAMAccountName' in the filter -->
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="sAMAccountName" />
        </map>
    </property>
    <!-- AD attribute name (key) to principal attribute name (value) -->
    <property name="resultAttributeMapping">
        <map>
            <entry key="mail">
                <value>EmailAddress</value>
            </entry>
            <entry key="givenName">
                <value>givenName</value>
            </entry>
        </map>
    </property>
</bean>

<!-- Spring LDAP context source bound with a service account -->
<bean id="contextSource"
    class="org.springframework.ldap.core.support.LdapContextSource" >
    <property name="anonymousReadOnly" value="false" />
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldap://ldapserver:389</value>
        </list>
    </property>
    <property name="userDn" value="u...@domain" />
    <property name="password" value="XXXXXX" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.security.authentication" value="simple" />
            <!-- 'follow' chases referrals; 'ignore' surfaces them as a PartialResultException -->
            <entry key="java.naming.referral" value="follow" />
        </map>
    </property>
</bean>
Thanks for any help.
Best Regards,
Jeremy
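As an added example that is not part of the original message, and not CAS or person-directory code: a plain JNDI lookup that does what the attribute repository is expected to do here, resolving a user's mail attribute from the sAMAccountName SPNEGO delivered while searching from the domain root. Active Directory appends referral entries after the real results when a subtree search is rooted at the domain naming context, and JNDI reports them as a PartialResultException from hasMore(); the loop below keeps the entry it has already received instead of abandoning the whole search. The class name, the connection details and the base DN are placeholders I chose for the example.

```java
import java.util.Hashtable;
import java.util.Optional;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Illustrative class (not CAS/person-directory code): resolve a user's mail
 * attribute in Active Directory from a sAMAccountName without letting the
 * referral-induced PartialResultException discard entries already returned.
 */
public final class AdMailLookup {

    private final Hashtable<String, String> env = new Hashtable<>();
    private final String baseDn;

    public AdMailLookup(String url, String bindDn, String bindPassword, String baseDn) {
        this.baseDn = baseDn;
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        // Searching from the domain root makes AD append referrals (Configuration,
        // DomainDnsZones, child domains). "ignore" hands them back to us as a
        // PartialResultException instead of chasing them over the network.
        env.put(Context.REFERRAL, "ignore");
    }

    /** Returns the account's mail attribute, or empty if the user has none. */
    public Optional<String> findMail(String samAccountName) throws NamingException {
        // Escape the name per RFC 4515 so an unexpected value cannot alter the filter.
        String filter = "(&(objectClass=user)(sAMAccountName="
                + escapeFilterValue(samAccountName) + "))";
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"mail"});
        controls.setTimeLimit(5000);

        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
            try {
                while (results.hasMore()) {
                    Attributes attrs = results.next().getAttributes();
                    Attribute mail = attrs == null ? null : attrs.get("mail");
                    if (mail != null && mail.get() != null) {
                        return Optional.of(mail.get().toString());
                    }
                }
            } catch (PartialResultException e) {
                // Referral entries arrive after the real entries, so a matching user
                // has already been returned above; stopping quietly here is safe.
            } finally {
                results.close();
            }
            return Optional.empty();
        } finally {
            ctx.close();
        }
    }

    /** Escapes an LDAP filter assertion value as required by RFC 4515. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder connection details; replace with values for your own domain.
        AdMailLookup lookup = new AdMailLookup(
                "ldap://ldapserver:389", "svc-cas@EXAMPLE.LOCAL", "CHANGE-ME",
                "DC=example,DC=local");
        System.out.println(lookup.findMail("admgoogle").orElse("<no mail attribute>"));
    }
}
```

Spring LDAP's ignorePartialResultException flag on LdapTemplate performs the same swallowing, which is why it only helps when the code consuming the results keeps what was collected before the exception. Two practical checks when the search still returns nothing: confirm that mail is in the returning attributes (the resultAttributeMapping only renames what the search brings back), and try the Global Catalog port 3268 instead of 389, since GC searches cover the forest without generating the referrals that trigger the exception in the first place.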
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user