> I need to extract attributes from my OpenLDAP server.
> These attributes are on the upper branch of the user I'm authenticated as.
> Is there no way to tell LdapPersonAttributeDao to also recover that information?

This is a common case that CAS supports nicely.  The definition for
the LDAP search query for the authentication handler is entirely
separate from that of the PersonDirectory LdapPersonAttributeDao.
Just define the search base of LdapPersonAttributeDao so it searches
higher up in your directory tree, e.g.:

<bean
  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="uupid=%u" />
  <property name="searchBase"
value="ou=SomeDepartment,ou=People,dc=vt,dc=edu" />
  <property name="contextSource" ref="contextSourceBean" />
</bean>

<bean id="attributeRepository"
  class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
  p:contextSource-ref="pooledContextSourceBean"
  p:baseDN="ou=People,dc=vt,dc=edu"
  p:requireAllQueryAttributes="true">
  <property name="queryAttributeMapping">
    <map>
      <entry key="username" value="uupid" />
    </map>
  </property>
  <!--
  Attribute mapping between LDAP (key) and principal (value).
  Value may be either String or Set of String for multivalued mappings.
  -->
  <property name="resultAttributeMapping">
    <map>
      <entry key="accountState" value="accountState" />
      <entry key="groupMembership" value="groupMembership" />
      <entry key="passwordState" value="passwordState" />
      <entry key="uid" value="uid" />
      <entry key="virginiaTechAffiliation" value="virginiaTechAffiliation" />
    </map>
  </property>
</bean>

M
