>
> It is definitely not specifying the return attributes.
>
That jibes with the CAS logs. The following is the log entry for the search
operation for return attributes following user bind:
2015-01-14 10:03:31,357 DEBUG [org.ldaptive.SearchOperation] - execute
response=[org.ldaptive.Response@1642731964::result=[[[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for
request=[org.ldaptive.SearchRequest@-349299973::baseDn=ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@2101991669::filter=uid={user},
parameters={user=roger.rabbit}], returnAttributes=[1.1],
searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null,
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED,
searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
followReferrals=false, intermediateResponseHandlers=null]
Note returnAttributes=[1.1]. I believe that's logged to indicate default
behavior, which is no attributes. My hunch is that initialize is not being
called on your LdapAuthenticationHandler bean, which prepares the list of
return attributes from property values. Try adding the init-method
attribute to your bean definition as follows:
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="uid"
c:authenticator-ref="authenticator"
init-method="initialize">
...
</bean>
You should see returnAttributes in the cas.log file with the attributes
you've configured. It's not working correctly until you see that.
Best,
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
