The username is unique, the uid isn't unique (I have the same uid for my staff account as my student account). We must (*mandated*) return the uid as the principal...
<property name="principalAttributeName" value="uid" /> but without having the original login username, how can we match that to the correct user in LDAP to get the correct attributes? So if I login with my staff account, dhicks, and it resolved that to my uid, 123456789, then how can I filter/query based on something like: (&(cn=dhicks)(uid=123456789)) David On Thu, Nov 17, 2011 at 10:49 AM, Scott Battaglia <[email protected] > wrote: > Can't you just map the value from the attributes? You don't need the one > they actually typed in? > > On Thu, Nov 17, 2011 at 11:16 AM, David Hicks <[email protected]> wrote: > >> We're getting the attributes back now, but I'm trying to get the >> username that was used during login to come back with the attributes. >> When a user successfully logs in, the resolver sets the >> principalAttributeName as their "uid" (a number); not their username >> (cn/name/samAccountName). Is there a way to do this in the >> resultAttributeMapping or before that? >> >> David >> >> On Tue, Sep 6, 2011 at 10:45 PM, Scott Battaglia < >> [email protected]> wrote: >> >>> Can you increase your logging to debug to see if the DAO is being called >>> and retrieving anything? Also, if you're expecting any results to be >>> returned you have to combine this with SAML 1.1 and the Attribute Release >>> in the Services Management tool. >>> >>> p.s. this got caught in my spam filter so some one may have already >>> replied with more detailed help >>> >>> >>> On Fri, Aug 26, 2011 at 4:21 PM, David <[email protected]> wrote: >>> >>>> We're connecting CAS to an LDAP server and I can get it to authenticate >>>> without any problems, but I can't get the bloomin' thing to send me back >>>> any attributes! >>>> >>>> Here are the two sections of the deployerConfigContext.xml where I >>>> think the problem may reside... >>>> >>>> <bean id="attributeRepository" >>>> >>>> class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"> >>>> <property name="contextSource" ref="contextSource" /> >>>> <property name="baseDN" value="OU=People,DC=xxx,DC=xxx" >>>> /> >>>> <property name="requireAllQueryAttributes" value="false" >>>> /> >>>> >>>> <property name="queryAttributeMapping"> >>>> <map> >>>> <entry key="username" value="cn" /> >>>> </map> >>>> </property> >>>> >>>> <property name="resultAttributeMapping"> >>>> <map> >>>> <entry key="cn" value="username" /> >>>> <entry key="mail" value="emailAddress" >>>> /> >>>> <entry key="givenName" >>>> value="firstName" /> >>>> <entry key="sn" value="lastName" /> >>>> <entry key="uid" value="uwfid" /> >>>> </map> >>>> </property> >>>> </bean> >>>> >>>> and under the authenticationHandlers property... >>>> >>>> <bean >>>> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> >>>> <property name="filter" value="cn=%u" /> >>>> <property name="searchBase" >>>> value="OU=People,DC=xxx,DC=xxx" /> >>>> <property name="contextSource" ref="contextSource" /> >>>> </bean> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> -- >>> You are currently subscribed to [email protected] as: [email protected] >>> >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
