Doug, Can you check your logging on the LDAP server side (perhaps enabling some additional logging temporarily) to see what the query looks like, and the response as well? That might prove informative.
I have a feeling that, regardless of the config on the CAS side, it's doing an ordinary query (i.e., no return attributes specified) and getting an ordinary response, then pulling the attributes out of that response. (But I'm very open to being proven wrong on this. :-) Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) [email protected] On Wed, 14 Jan 2015, Doug Campbell wrote: > My cas.log is attached. I turned on debugging and authenticated and just > provided the captured information for that process. > > Also, since it may help. I am attaching my complete > deployerConfigContext.xml file too. > > Hopefully this will help clarify my configuration and what I need to do. > > Thanks! > > Doug > > From: [email protected] > Date: Wed, 14 Jan 2015 15:56:03 +0000 > Subject: Re: [cas-user] CAS 4.0 w/ OpenLDAP won't return memberOf attribute > To: [email protected] > > If I use the manager account that is used to search the directory or the > credentials of the use who is logging in with ldapsearch, as long as I > explicitly request the memberOf attribute it gets returned. > Ok, then my hypothesis is apparently wrong. Requesting the additional > attributes at authentication time is still preferable for efficiency, so I > suggest you continue with that approach. > Are you saying that I should put all my attributes that I want returned here: > <bean id="ldapAuthenticationHandler" > class="org.jasig.cas.authentication.LdapAuthenticationHandler" > > Correct. > When I did this I end up getting back just the values I specify in the stub, > not the values of LDAP. > Can you please put the org.jasig.cas.authentication and org.ldaptive packages > in debug and post the logs? > M > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
