Milt,
Yes. It is definitely not specifying the return attributes. Here is the
relevant part of the LDAP server logging:

Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1237 op=2 SRCH base="ou=casusers,dc=xyz,dc=net" scope=1 deref=0 filter="(uid=roger.rabbit)"
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1237 op=2 SRCH attr=1.1
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: <= bdb_equality_candidates: (uid) not indexed
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1237 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1234 op=1 BIND dn="cn=roger.rabbit,ou=casusers,dc=xyz,dc=net" method=128
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1234 op=1 BIND dn="cn=roger.rabbit,ou=casusers,dc=xyz,dc=net" mech=SIMPLE ssf=0
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1234 op=1 RESULT tag=97 err=0 text=
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1234 op=2 SRCH base="cn=roger.rabbit,ou=casusers,dc=xyz,dc=net" scope=0 deref=0 filter="(obj
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1234 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1237 op=3 SRCH base="ou=casusers,dc=xyz,dc=net" scope=1 deref=0 filter="(uid=roger.rabbit)"
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: <= bdb_equality_candidates: (uid) not indexed
Jan 14 10:03:31 vps-internal.xyz.net slapd[37117]: conn=1237 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=

Doug
> Date: Wed, 14 Jan 2015 16:42:57 -0600
> From: [email protected]
> To: [email protected]
> Subject: RE: [cas-user] CAS 4.0 w/ OpenLDAP won't return memberOf attribute
>
> Doug,
>
> Can you check your logging on the LDAP server side (perhaps enabling
> some additional logging temporarily) to see what the query looks like,
> and the response as well? That might prove informative.
>
> I have a feeling that, regardless of the config on the CAS side, it's
> doing an ordinary query (i.e., no return attributes specified) and
> getting an ordinary response, then pulling the attributes out of that
> response. (But I'm very open to being proven wrong on this. :-)
>
> Milt Epstein
> Applications Developer
> Graduate School of Library and Information Science (GSLIS)
> University of Illinois at Urbana-Champaign (UIUC)
> [email protected]
>
>
> On Wed, 14 Jan 2015, Doug Campbell wrote:
>
> > My cas.log is attached. I turned on debugging and authenticated and just
> > provided the captured information for that process.
> >
> > Also, since it may help, I am attaching my complete
> > deployerConfigContext.xml file too.
> >
> > Hopefully this will help clarify my configuration and what I need to do.
> >
> > Thanks!
> >
> > Doug
> >
> > From: [email protected]
> > Date: Wed, 14 Jan 2015 15:56:03 +0000
> > Subject: Re: [cas-user] CAS 4.0 w/ OpenLDAP won't return memberOf attribute
> > To: [email protected]
> >
> > If I use the manager account that is used to search the directory or the
> > credentials of the user who is logging in with ldapsearch, as long as I
> > explicitly request the memberOf attribute it gets returned.
> >
> > Ok, then my hypothesis is apparently wrong. Requesting the additional
> > attributes at authentication time is still preferable for efficiency, so I
> > suggest you continue with that approach.
> >
> > Are you saying that I should put all my attributes that I want returned
> > here: <bean id="ldapAuthenticationHandler"
> > class="org.jasig.cas.authentication.LdapAuthenticationHandler"
> >
> > Correct.
> >
> > When I did this I end up getting back just the values I specify in the
> > stub, not the values of LDAP.
> >
> > Can you please put the org.jasig.cas.authentication and org.ldaptive
> > packages in debug and post the logs?
> > M
> >
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected]
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
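
Added example, not part of the original thread and not CAS or OpenLDAP code: a small Python parser that pairs each slapd `SRCH` line with its `SRCH attr=` line by connection and operation number, to show which searches actually asked for memberOf. The log text is constructed and modeled on the excerpt at the top of this thread; the function names, hostname, uid and the conn=1240 search are assumptions made for illustration.

```python
import re

# Constructed sample modeled on the excerpt in this thread (wrapped lines
# rejoined; host, pid and uid are placeholders, conn=1240 is invented).
P = "Jan 14 10:03:31 ldap.example.net slapd[100]: "
SAMPLE_LOG = "\n".join(P + s for s in [
    'conn=1237 op=2 SRCH base="ou=casusers,dc=example,dc=net" scope=1 deref=0 filter="(uid=jdoe)"',
    'conn=1237 op=2 SRCH attr=1.1',
    'conn=1237 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'conn=1237 op=3 SRCH base="ou=casusers,dc=example,dc=net" scope=1 deref=0 filter="(uid=jdoe)"',
    'conn=1237 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'conn=1240 op=1 SRCH base="ou=casusers,dc=example,dc=net" scope=1 deref=0 filter="(uid=jdoe)"',
    'conn=1240 op=1 SRCH attr=uid mail memberOf',
])

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH (.*)$')
FILTER = re.compile(r'filter="([^"]*)"')

def requested_attributes(log_text):
    """Return {(conn, op): {"filter": str|None, "attrs": list|None}} per search."""
    searches = {}
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if not m:            # BIND, RESULT, SEARCH RESULT, backend debug lines
            continue
        entry = searches.setdefault((int(m.group(1)), int(m.group(2))),
                                    {"filter": None, "attrs": None})
        rest = m.group(3)
        if rest.startswith("attr="):
            entry["attrs"] = rest[len("attr="):].split()
        else:
            f = FILTER.search(rest)
            entry["filter"] = f.group(1) if f else None
    return searches

def classify(attrs, wanted="memberOf"):
    """Classify one search's attribute list with respect to `wanted`."""
    if attrs is None:                      # no "SRCH attr=" line was logged
        return "default-user-attributes"
    lowered = [a.lower() for a in attrs]
    # "+" asks for all operational attributes; assumes `wanted` is operational
    if wanted.lower() in lowered or "+" in lowered:
        return "explicit"
    if lowered == ["1.1"]:                 # RFC 4511: return no attributes
        return "no-attributes"
    return "other-attributes-only"

if __name__ == "__main__":
    for (conn, op), s in requested_attributes(SAMPLE_LOG).items():
        print(conn, op, s["filter"], s["attrs"], classify(s["attrs"]))
```

Run against a real slapd log, any search on the CAS connection that is not classified `explicit` did not name memberOf in its request.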