Jonathan,

2) The person directory project supports cascading queries. That might help you to some extent to develop recursive queries, but if that's not sufficient, you can always roll your own impl that makes the right calls down the level you'd like. Effectively, that would entail providing a custom implementation of the IPersonAttributeDao interface.

https://wiki.jasig.org/display/PDM15/Attribute+Aggregation

As always, patches and pull requests are more than welcome.

3) Take a look at the uPortal project's usage of person directory:

https://github.com/Jasig/uPortal/blob/master/uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml

That should serve as a pointer, albeit a complex one, to how you can configure various caching options with person directory.

Regards,
Misagh

----- Original Message -----
From: "Mearl Danner" <[email protected]>
To: [email protected]
Sent: Wednesday, December 5, 2012 7:21:40 AM
Subject: RE:[cas-user] Help with Person Directory Configuration (CAS Attributes)

The issue with Active Directory is the search referrals returned as part of the query. Basically the configuration tells the LDAP client in CAS to ignore them. If it chases the referrals the query will fail.

-----Original Message-----
From: Jonathan Windle [mailto:[email protected]]
Sent: Tuesday, December 04, 2012 6:17 PM
To: [email protected]
Subject: [cas-user] Help with Person Directory Configuration (CAS Attributes)

Hello,

First, my apologies for posting questions specific to the Person Directory library on the cas-user list. I did try subscribing to the person-directory-user list first but got a message back from WiscList saying that it was not a valid mailing list. I figure because my configuration is for the purpose of CAS attributes I wouldn't feel too bad posting here as an alternative.

I am working with LdapPersonAttributeDao for my attribute repository. The LDAP server context source is an Active Directory server. Currently I have a configuration working that is returning attributes from the server.

== 1 ==

I found that I needed the following configuration in order for the LdapPersonAttributeDao class to run a successful query against Active Directory's LDAP server.

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="contextSource" />
        <property name="ignorePartialResultException" value="true" />
    </bean>

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="ldapTemplate" ref="ldapTemplate" />
    </bean>

I was wondering if anyone might be able to explain why this seems to be a critical piece when running against Active Directory, and if this is the best way to configure for Active Directory LDAP. If this configuration is correct then I would like to add some documentation to the Attributes section of the CAS User Manual.

== 2 ==

One of the attributes I would like to be able to return from the LDAP server is a complete group membership for the user. I want to know if it is possible with Person Directory to do a recursive memberOf property query.

== 3 ==

The Person Directory library supports caching. This seems like a great feature as it would reduce my LDAP queries. I've looked at the example CachingPersonAttributeDaoImpl bean configuration in the Person Directory 1.5 documentation[1]. I think I understand most of the configuration but I am uncertain how to implement the userInfoCache property from within CAS. Inside the userInfoCache property org.jasig.portal.utils.cache.MapCacheFactoryBean is called out. This appears to me to be a part of uPortal. I'm not sure if CAS has something native that can be used, or if it should just be using the uPortal library. I would be interested in configurations for an in-memory cache and using an external caching service such as memcached, if that is possible. After testing I would also like to add this to the documentation on the CAS User Manual.

Thanks,
Jonathan

[1] https://wiki.jasig.org/display/PDM15/Example+Configuration

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
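
Added example, not part of the thread and not Person Directory or CAS code: one way to obtain the complete nested group membership asked about in question 2, assuming the directory is Active Directory and Spring LDAP is on the classpath. NestedGroupResolver, groupsFor and groupBase are hypothetical names; instead of client-side recursion the search uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule, and its result could be returned from a custom IPersonAttributeDao as suggested in the reply.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

/** Hypothetical helper; not part of Person Directory or CAS. */
public class NestedGroupResolver {
    // Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: the server walks the
    // member chain itself, so nested groups come back from a single search.
    private static final String MEMBER_IN_CHAIN = "member:1.2.840.113556.1.4.1941:";

    private final LdapTemplate ldapTemplate; // the "ldapTemplate" bean from the thread
    private final String groupBase;          // assumed: base DN relative to the context source

    public NestedGroupResolver(LdapTemplate ldapTemplate, String groupBase) {
        this.ldapTemplate = ldapTemplate;
        this.groupBase = groupBase;
    }

    /** Returns the cn of every group containing userDn, directly or through nesting. */
    @SuppressWarnings({ "rawtypes", "unchecked" })
    public List<String> groupsFor(String userDn) {
        // The filter classes escape the value, so a DN containing '(' , ')' or '*'
        // cannot change the shape of the search filter (LDAP filter injection).
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "group"));
        filter.and(new EqualsFilter(MEMBER_IN_CHAIN, userDn));

        List found = ldapTemplate.search(groupBase, filter.encode(), new AttributesMapper() {
            public Object mapFromAttributes(Attributes attrs) throws NamingException {
                Attribute cn = attrs.get("cn");
                return cn == null ? null : cn.get();
            }
        });

        List<String> groups = new ArrayList<String>();
        for (Object name : found) {
            if (name != null) {
                groups.add(name.toString());
            }
        }
        return groups;
    }
}
```

The resolver expects the user's full distinguished name, and it reuses the same LdapTemplate so the ignorePartialResultException setting from question 1 applies to the group search as well.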
