Hello,
I have a CAS 4 already doing LDAP authentication fine, and I intend to make
it pass some LDAP attributes to the clients.
[ I've finally guessed SAML is needed to retrieve LDAP attributes and make
them available to client applications, am I right? ]
Nevertheless, I've reached a point in which this attributeRepository is OK:
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.StubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />
    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
    </util:map>
but login (!) fails when I change it to:
    <bean id="attributeRepository"
          class="org.jasig.cas.persondir.LdapPersonAttributeDao"
          p:connectionFactory-ref="connectionFactory"
          p:baseDN="${ldap.authn.baseDn}"
          p:searchControls-ref="searchControls"
          p:searchFilter="cn={0}">
        <property name="resultAttributeMapping">
            <map>
                <entry key="sn" value="sn" />
                <entry key="middlename" value="middlename" />
                <entry key="givenname" value="givenname" />
            </map>
        </property>
    </bean>
My surprise comes when the following message appears in logs:
    ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@b8751a failed to resolve principal from username+password
    java.lang.IllegalStateException: Connection is not open
        at org.ldaptive.DefaultConnectionFactory$DefaultConnection.getProviderConnection(DefaultConnectionFactory.java:272)
        at org.ldaptive.SearchOperation.executeSearch(SearchOperation.java:119)
        at org.ldaptive.SearchOperation.invoke(SearchOperation.java:101)
        at org.ldaptive.SearchOperation.invoke(SearchOperation.java:28)
        at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:142)
        at org.jasig.cas.persondir.LdapPersonAttributeDao.getPeopleForQuery(LdapPersonAttributeDao.java:146)
        at org.jasig.cas.persondir.LdapPersonAttributeDao.getPeopleForQuery(LdapPersonAttributeDao.java:56)
        at org.jasig.services.persondir.support.AbstractQueryPersonAttributeDao.getPeopleWithMultivaluedAttributes(AbstractQueryPersonAttributeDao.java:219)
        at org.jasig.services.persondir.support.AbstractDefaultAttributePersonAttributeDao.getPerson(AbstractDefaultAttributePersonAttributeDao.java:77)
        at org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver.resolve(PersonDirectoryPrincipalResolver.java:77)
I wonder how it is possible to get "Connection is not open", as authentication
works fine with the default attributeRepository and this log message doesn't
appear when using a wrong user/password.
Do you have any hint for solving this?
Thanks in advance,
--
Alberto Cabello Sánchez
<[email protected]>