In testing 4.x I’m trying to understand the LdapAuthenticationHandler’s use of 
the principalIdAttribute and why I’m not getting expected results.

Using the documentation for LDAP setup, I have the following:

<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="uid"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <entry key="uid" value="uid" />
        </map>
    </property>
</bean>

With this, the principalID is not being set to the uid, rather keeping the 
“username”.

For background, I’m simply trying to apply the actual uid attribute from the 
person’s LDAP entry instead of the user input of their UID, AKA “username” (so 
as to normalize the principalID, i.e. strip leading and trailing spaces, remove 
case).

In my research, I see some references to creating a bean to provide attribute 
repository to the primaryPrincipalResolver:

<bean id="attributeRepository" 
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">

But this class, as stated earlier by another, makes use of non-ldaptive stuff, 
rather Spring LDAP, which I’d rather not use. Currently the 4.0.0 docs even point 
this way, potentially erroneously?: 
http://jasig.github.io/cas/4.0.0/installation/Configuring-Authentication-Components.html

Could someone let me know if I'm supposed to instead be using:
org.jasig.cas.persondir.LdapPersonAttributeDao

…and if so, how should it be configured if I can re-use my existing LDAP bind 
search base, search filter, and connection pool. Before I go any further down 
this rabbit hole, here’s my basic understanding of the bean:

<bean id="attributeRepository"
      class="org.jasig.cas.persondir.LdapPersonAttributeDao"
      p:baseDn="${ldap.authn.baseDn}"
      p:searchFilter="${ldap.authn.searchFilter}"
      p:searchControls=""   ??? example ???
      p:connectionFactory-ref="searchPooledLdapConnectionFactory"
      p:queryAttributeMapping-ref="attrRepoBackingMap"
      p:resultAttributeMapping-ref="attrRepoBackingMap"
/>

Any insight would be greatly appreciated.

—
Raymond Walker
Software Systems Engineer StSp.
ITS - Northern Arizona University
