Querying (unbCaAlumniUid=jgoguen) returns nothing, which is expected, but the 
query should be (|(uid=jgoguen)(unbCaAlumniUid=jgoguen)). Here's the 
attributeRepository bean:

<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource" />
    <property name="baseDN" value="dc=unb,dc=ca" />
    <property name="requireAllQueryAttributes" value="false" />
    <property name="queryType" value="OR" />
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="uid" />
            <entry key="username" value="unbCaAlumniUid" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="uid" value="uid" />
            <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
            <entry key="eduPersonPrimaryAffiliation" value="eduPersonPrimaryAffiliation" />
            <entry key="eduPersonOrgUnitDn" value="eduPersonOrgUnitDn" />
            <entry key="eduPersonPrimaryOrgUnitDn" value="eduPersonPrimaryOrgUnitDn" />
        </map>
    </property>
</bean>

And here's the contextSource bean:
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"></property> <!-- Default: false -->
    <property name="urls">
        <list>
            <!-- A URI in the form ldaps://ldap.host.name -->
            <ref bean="myunb.ldap.base.provider.url"></ref>
        </list>
    </property>
    <!-- The DN for the directory user performing authentication -->
    <property name="userDn" ref="myunb.ldap.security.principal"></property>
    <!-- The password for the directory user performing authentication -->
    <property name="password" ref="myunb.ldap.security.credentials"></property>
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.security.authentication" value="simple"></entry>
            <entry key="java.naming.referral" value-ref="myunb.cas.ldap.referral"></entry>
            <entry key="com.sun.jndi.ldap.connect.timeout" value-ref="myunb.cas.ldap.connect.timeout"></entry>
            <entry key="com.sun.jndi.ldap.read.timeout" value-ref="myunb.cas.ldap.read.timeout"></entry>
        </map>
    </property>
</bean>

Is there perhaps some oddity that got fixed after CAS Server 3.3.5? We 
unfortunately can't upgrade CAS at the moment; we're tied to this version due 
to limitations from another vendor, although I've been assured of updates 
allowing us to upgrade "soon".

On 2012-02-07, at 09:42, Marvin Addison wrote:

>> 2012-02-07 09:27:15,013 INFO 
>> [org.jasig.cas.authentication.AuthenticationManagerImpl] - 
>> AuthenticationHandler: 
>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully 
>> authenticated the user which provided the following credentials: [username: 
>> jgoguen]
>> 2012-02-07 09:27:15,068 DEBUG 
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created 
>> seed map='{username=[jgoguen]}' for uid='jgoguen'
>> 2012-02-07 09:27:15,068 DEBUG 
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding 
>> attribute 'unbCaAlumniUid' with value '[jgoguen]' to query builder 'null'
>> 2012-02-07 09:27:15,071 DEBUG 
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - 
>> Generated query builder '(unbCaAlumniUid=jgoguen)' from query Map 
>> {username=[jgoguen]}.
> 
> I would expect more debugging output right here.
> 
>> 2012-02-07 09:27:15,138 INFO 
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket 
>> [ST-1-y5Ww99dOBDUfJWC3TxGd-cas] for service 
>> [https://webtest.its.unb.ca/cas-dev/index.cgi] for user [jgoguen]
> 
> Interesting.  Have you tried executing the LDAP query
> (unbCaAlumniUid=jgoguen) against your directory using a tool like
> ldapsearch?  It's important that you use exactly the same search base
> and credentials as you've specified in your deployerConfigContext.xml
> file.  What does that show?  Do you have logs on the directory server
> that you could examine to correlate with the query above?  Share those
> if you can.
> 
> M
> 
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> 

-- 
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: [email protected]
Phone: (506) 453-4872
Fax: (506) 453-3590
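
An added illustration, not part of the original message and not CAS or Person Directory code: a small Python model of how an OR filter gets built from the queryAttributeMapping in the bean above, with the query value escaped per RFC 4515. It assumes that a repeated key in the <map> keeps only its last value, which matches the single attribute seen in the DEBUG log; `load_multi_valued` is a hypothetical loader included only for comparison.

```python
import xml.etree.ElementTree as ET

# queryAttributeMapping <map> copied from the attributeRepository bean above.
MAPPING_XML = """<map>
    <entry key="username" value="uid" />
    <entry key="username" value="unbCaAlumniUid" />
</map>"""
SEED = {"username": ["jgoguen"]}  # seed map shown in the DEBUG log

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def load_last_wins(xml_text):
    """Assumption: entries are put() into a map, so a repeated key is replaced."""
    mapping = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        mapping[entry.get("key")] = [entry.get("value")]
    return mapping

def load_multi_valued(xml_text):
    """Hypothetical loader: keep every directory attribute listed for a key."""
    mapping = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        mapping.setdefault(entry.get("key"), []).append(entry.get("value"))
    return mapping

def build_or_filter(mapping, seed):
    """Build the OR search filter for a seed map of query values."""
    terms = [
        "(%s=%s)" % (attr, escape_filter_value(v))
        for key, values in seed.items()
        for attr in mapping.get(key, [])
        for v in values
    ]
    if not terms:
        raise ValueError("no query attribute mapped for seed keys")
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"

if __name__ == "__main__":
    print(build_or_filter(load_last_wins(MAPPING_XML), SEED))
    print(build_or_filter(load_multi_valued(MAPPING_XML), SEED))
```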


