Hi,
I've activated the org.ldaptive debug and i see in my logs that the
searchScope is set to null :
<execute
request=[org.ldaptive.SearchRequest@2000956677::baseDn=dc=test,dc=fr,
searchFilter=[org.ldaptive.SearchFilter@380119817::filter=uid={0},
parameters={0=testuser}], returnAttributes=[], searchScope=null,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null
For debug purpose and also to see if it's only the searchScope that cause
problems, i've put in my searchControls bean the countLimit parameter like
this:
<bean id="searchControls"
class="javax.naming.directory.SearchControls"
p:searchScope="2"
p:countLimit="20"/>
and i'm really surprised to see that parameter is correctly set in the
ldaptive SearchRequest but the searchScope is still set to null:
execute
request=[org.ldaptive.SearchRequest@2000956677::baseDn=dc=nordpasdecalais,dc=fr,
searchFilter=[org.ldaptive.SearchFilter@380119817::filter=uid={0},
parameters={0=amartins}], returnAttributes=[], searchScope=null,
timeLimit=0, sizeLimit=20, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
I've also try to change my jdk to see if it's a bug caused by the class
"javax.naming.directory.SearchControls" but searchScope still set to "null".
Any help really really appreciated. I'm stuck with this problem for several
days now...
Best,
--
Armando Martins
Le jeudi 8 janvier 2015 13:16:40 UTC+1, Armando Martins a écrit :
>
> Hi,
>
> I'm trying tu upgrade my cas server.
> My authentication based on ldap works well but i have a problem with my
> attribute repository config. It seems that he didn't take my searchscope
> parameter.
>
> Here is my config :
>
> <bean id="attributeRepository"
> class="org.jasig.cas.persondir.LdapPersonAttributeDao"
> p:baseDN="dc=test,dc=fr"
> p:searchFilter="uid={0}"
> p:searchControls-ref="searchControls"
> p:connectionFactory-ref="searchPooledLdapConnectionFactory"
> p:resultAttributeMapping-ref="resultAttributeMap"
> />
>
> <util:map id="resultAttributeMap">
> <entry key="uid" value="user" />
> <entry key="mail" value="email" />
> <entry key="displayName" value="displayName" />
> </util:map>
>
> <bean id="searchControls"
> class="javax.naming.directory.SearchControls"
> p:searchScope="2"
> />
>
> All my users are under "ou=company,ou,users,dc=test,dc=fr",
> "ou=company1,ou,users,dc=test,dc=fr", "ou=company2,ou,users,dc=test,dc=fr"
> and more.
> That's why i want my baseDN to be "dc=test,dc=fr" with a searchScope="2" .
>
> with this attributeRepository config, I've no attribute returned because i
> see in my ldap log that the search scope is set to 1 and my user dn is
> uid=testuser,ou=company,ou,users,dc=test,dc=fr
> slapd[6694]: conn=1018 op=3 SRCH base="dc=test,dc=fr" scope=1 deref=0
> filter="(uid=testuser)"
> slapd[6694]: conn=1018 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> If i modify my baseDN in in my attributeRepository to
> "ou=company,ou,users,dc=test,dc=fr" i have my attributes returned well but
> always with a scope=1. The problem is that i also have users in different
> organizational units under "ou,users,dc=test,dc=fr"
>
> Here is the log with baseDN modified
> to "ou=company,ou,users,dc=test,dc=fr" :
>
> slapd[6697]: conn=1030 op=3 SRCH base="ou=company,ou,users,dc=test,dc=fr"
> scope=1 deref=0 filter="(uid=testuser)"
> slapd[6697]: conn=1030 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
>
> I know i've made a mistake somewhere which causes the non-inclusion of
> my searchScope parameter but i can't see where....
>
> Please can someone help me?
>
> Thanks a lot
>
> --
> Armando Martins
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
