Hi Scott

That last bit was my own question tagged on at the end :-)

>>> There's documentation in the wiki on using PersonDirectory to load
>>> additional attributes.  However, you'll either need to customize your
>>> CAS response payload or utilize SAML 1.1 to actually send that
>>> information to the clients. None of the CAS clients will currently
>>> automatically extract that information and use it to do things like
>>> isUserInRole

Thanks for this info. I'll try it out in the morning when I am back in the 
office. All I need to do is load the Roles (from LDAP via a query I already 
have) and put them into the HTTP Session where my existing apps can get hold of 
them. I took the latest source from Subversion before I left for the day so 
I'll have a look at that and try and figure it out. I guess I'll need to write 
my own 'CustomPersonAttributeDaoImpl'.

The docs on this page (http://www.ja-sig.org/wiki/display/UPC/PersonDirectory) 
sound like what I need and this method sounds like what I need to use: 
public Map getUserAttributes(final String uid);

Does the returned Map of attributes get put into the session? Please let me 
know if I am on the wrong track.
Regards 

Richard 
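
An added example, not part of the original thread or of the CAS code base: since the stock clients do not extract attributes, the application has to read them out of the customized validation response itself. The `<cas:attributes>` / `<cas:role>` layout, the class name and the sample response are assumptions made for illustration; the parser refuses DOCTYPEs and only trusts a response that contains exactly one `authenticationSuccess` element.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class CasAttributeExample {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    // Constructed sample: a CAS 2.0 success response extended with a custom
    // <cas:attributes> block. The layout of that block is an assumption.
    static final String SAMPLE =
        "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>"
      + "<cas:authenticationSuccess><cas:user>richard</cas:user>"
      + "<cas:attributes><cas:role>ROLE_USER</cas:role>"
      + "<cas:role>ROLE_ADMIN</cas:role></cas:attributes>"
      + "</cas:authenticationSuccess></cas:serviceResponse>";

    /** Returns attribute name -> values; throws unless validation succeeded. */
    static Map<String, List<String>> parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs so the response cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList ok = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        NodeList user = doc.getElementsByTagNameNS(CAS_NS, "user");
        if (ok.getLength() != 1 || user.getLength() != 1) {
            throw new SecurityException("ticket validation did not succeed");
        }
        Map<String, List<String>> attrs = new LinkedHashMap<>();
        attrs.computeIfAbsent("user", k -> new ArrayList<>())
             .add(user.item(0).getTextContent().trim());
        NodeList blocks = doc.getElementsByTagNameNS(CAS_NS, "attributes");
        NodeList kids = blocks.getLength() > 0 ? blocks.item(0).getChildNodes() : null;
        for (int i = 0; kids != null && i < kids.getLength(); i++) {
            Node n = kids.item(i);
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            attrs.computeIfAbsent(n.getLocalName(), k -> new ArrayList<>())
                 .add(n.getTextContent().trim());
        }
        return attrs;
    }

    public static void main(String[] args) throws Exception {
        // In a servlet filter: session.setAttribute("roles", parse(body).get("role"));
        System.out.println(parse(SAMPLE));
    }
}
```

The response body must come from the application's own server-to-server call to the CAS validation endpoint over HTTPS, never from anything the browser supplies.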


Date: Mon, 28 Apr 2008 14:14:03 -0400
From: [EMAIL PROTECTED]
To: [email protected]
Subject: Re: CAS3.0.7 + LDAP configuration -- urgent help request!!

On Mon, Apr 28, 2008 at 1:36 PM, Richard Gundersen <[EMAIL PROTECTED]> wrote:






Hi

I have been going through the same hell today so maybe I can try and answer a 
couple of your questions:

1. Can CAS 3.0.7 configure LDAP or I have to upgrade to the most recent version?

>> Probably. Try following this guide: 
>> http://www.ja-sig.org/wiki/display/CASUM/LDAP, it worked for me. 




2. If I want to configure CAS 3.0.7 to LDAP, I don't find porn.xml in webapps.
>> It's called pom.xml (not porn) and I think it's in a subdirectory under 
>> /META-INF 
That's actually incorrect (well not the part about it not being called porn 
;-)).  CAS 3.0.7 doesn't use Maven2 and thus won't have a pom.xml.  In 
addition, you want to edit the pom.xml in the CAS_HOME/cas-server-webapp from 
the CAS 3.2.1 distribution.

 



3. where should I put the following code in deployerConfigContext.xml?

>> I think it's in Web.xml. If you follow that guide in (1) it explains what 
>> you need to change. There are quite a few options to change, but I found if I 
>> went through each one systematically, I eventually got the config right. It 
>> helps if you have some config from something else that connects to your LDAP 
>> server (some other app) that you can look at for the correct syntax (LDAP 
>> connection syntax can vary a bit depending on which LDAP server you are 
>> using). Also, have an LDAP browser handy so you can see your directory 
>> structure. That will also help.

deployerConfigContext.xml is its own file located in 
CAS_HOME/cas-server-webapp/WEB-INF 





4. I don't understand the following piece code from ldap
 
     <property name="userName" value="{bind_username_goes_here}"/>
     <property name="password" value="{bind_user_password_goes_here}"/>


>> put your LDAP administrator username and password in there. So, whereas with 
>> MySQL you have root/mypassword, put in the corresponding values for LDAP 
>> instead. I can't remember if I kept the {} braces - they may not be required 
>> if you put the literal username/password in. Try with and without.



If you know how to populate roles etc into the session principal (either with 
MySQL or LDAP) please let me know :)
There's documentation in the wiki on using PersonDirectory to load additional 
attributes.  However, you'll either need to customize your CAS response payload 
or utilize SAML 1.1 to actually send that information to the clients. None of 
the CAS clients will currently automatically extract that information and use 
it to do things like isUserInRole


-Scott



Regards 

Richard 


> Date: Mon, 28 Apr 2008 10:59:43 -0500

> From: [EMAIL PROTECTED]
> To: [email protected]; [EMAIL PROTECTED]

> Subject: CAS3.0.7 + LDAP configuration -- urgent help request!!
> 
> first, I have my CAS 3.0.7 up and running for mysql server.
> 
> I am using CAS 3.0.7. I plan to configure CAS 3.0.7 with LDAP. I have 

> LDAP server.
> Now when I refer to page http://www.ja-sig.org/wiki/display/CASUM/LDAP 
> to help me configure and I find something missing in my CAS 3.0.7. I 

> have few questions
> 1. Can CAS 3.0.7 configure LDAP or I have to upgrade to the most recent 
> version?
> 
> 2. If I want to configure CAS 3.0.7 to LDAP, I don't find porn.xml in 
> webapps. How do I add porn.xml portion into it? Can I just copy porn.xml 

> file into my CAS     3.0.7's webapps folder? if not, where do I add the 
> following piece
> 
> <dependency>
>      <groupId>${project.groupId}</groupId>
>      <artifactId>cas-server-support-ldap</artifactId>

>      <version>${project.version}</version>
> </dependency>
> 
> 
> 
> 3. where should I put the following code in deployerConfigContext.xml? I 
> attached my deployerConfigContext.xml for you to take a look if it's 
> right I put that piece. Also, when I add the ldap part into 
> deployerConfigContext.xml, do I need to comment out my mysql connection 
> bean?
> 
> 4. I don't understand the following piece code from ldap

> 
> <property name="userName" value="{bind_username_goes_here}"/>
>                     <property name="password" 
> value="{bind_user_password_goes_here}"/>

> 
> Do I need to change anything above?
> 
> 
> Edward


_______________________________________________

Yale CAS mailing list

[email protected]

http://tp.its.yale.edu/mailman/listinfo/cas




-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
