Anyone? Is there more information I could provide that might help? Does another app need to explicitly request the attributes before they are resolved and mapped?
-baron On Wed, May 30, 2012 at 05:32:55PM -1000, Baron Fujimoto wrote: : I've seen this topic come up a few times recently, but I'm afraid I'm : still not sure what, if anything, I'm doing wrong. : : I've set up CAS server 3.4.11 can can successfully authenticate against : our LDAP. I'm now trying to set up/test attribute release using this : wiki page as a reference: : : <https://wiki.jasig.org/display/CASUM/Attributes> : : I have the following defined in deployerConfigContext.xml: : : <bean id="attributeRepository" : class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"> : <property name="contextSource" ref="contextSource" /> : <property name="baseDN" value="ou=people,dc=hawaii,dc=edu" /> : <property name="requireAllQueryAttributes" value="true" /> : : <!-- : Attribute mapping beetween principal (key) and LDAP (value) names : used to perform the LDAP search. By default, multiple search criteria : are ANDed together. Set the queryType property to change to OR. : --> : <property name="queryAttributeMapping"> : <map> : <entry key="username" value="uid" /> : </map> : </property> : : <property name="resultAttributeMapping"> : <map> : <!-- Mapping between LDAP entry attributes (key) and Principal's (value) --> : <entry key="cn" value="fullName"/> : <entry key="uhUuid" value="uhNumber"/> : <entry key="eduPersonAffiliation" value="uhAffiliation"/> : <entry key="eduPersonOrgDN" value="uhOrg"/> : <entry key="uhOrgAffiliation" value="uhOrgAffiliation"/> : </map> : </property> : </bean> : : If I login with the .../cas/login servlet, I see the following in the log: : : 2012-05-30 17:22:31,472 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: baron] : 2012-05-30 17:22:31,577 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[baron]}' for uid='baron' : 2012-05-30 17:22:31,577 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[baron]}' for uid='baron' : 2012-05-30 17:22:31,578 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'uid' with value '[baron]' to query builder 'null' : 2012-05-30 17:22:31,578 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'uid' with value '[baron]' to query builder 'null' : 2012-05-30 17:22:31,580 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(uid=baron)' from query Map {username=[baron]}. : 2012-05-30 17:22:31,580 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(uid=baron)' from query Map {username=[baron]}. : 2012-05-30 17:22:31,688 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal baron : 2012-05-30 17:22:31,688 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Principal found: baron : : I don't see any any indications that it's retrieving or mapping the : attributes configured above. Should I? I don't see any errors either : though, so I'm probably missing something more basic. : : (I'm also not sure why I'm seeing repeated log entries for : org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao. : : <logger name="org.jasig.services.persondir"> : <level value="DEBUG" /> : <appender-ref ref="cas" /> : </logger> : : is the only DEBUG I've set in log4j.xml. It would be nice to clean that : up too.) : : Aloha, : -baron : -- : Baron Fujimoto <[email protected]> :: UH Information Technology Services : minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
