Hi,
I am trying to get the PersonAttributeMapper working correctly. I've
included the relevant snippets (sanitized with ###) of my
deployerConfigContext.xml, catalina.out, and ldap.log, in that order.
Everything works correctly except that the PersonAttributeMapper is not
executing the 2nd ldap search with any attributes (see ldap.log),
resulting in an empty attribute list. I have verified the attribute is
populated by comparing a direct ldap search. This is CAS-3.2.1.
Thanks for any help - Erik
---snippet deployerConfigContext.xml ---
<!-- Principal resolver. Per catalina.out, the inner resolver first builds a
     principal from the submitted username, then this bean runs an LDAP search
     under "searchBase" using "filter" and takes the value of
     "principalAttributeName" (uid) as the final principal id
     ("Resolved ### to ###.###"). -->
<!-- NOTE: the two class attribute values below are broken across lines by mail
     wrapping; in the deployed file each class name must be one unbroken token. -->
<bean
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttribute
PrincipalResolver">
<property name="credentialsToPrincipalResolver">
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredential
sToPrincipalResolver" />
</property>
<!-- %u is replaced with the id produced by the inner resolver, i.e. a value
     typed into the login form. NOTE(review): confirm that LDAP filter
     metacharacters are escaped before substitution; not visible in this snippet. -->
<property name="filter" value="(###EduPersonGID=%u)" />
<property name="principalAttributeName" value="uid" />
<property name="searchBase"
value="ou=people,dc=###,dc=edu" />
<!-- The contextSource bean is not part of this snippet. ldap.log shows both
     searches running after BIND dn="" (an anonymous bind); confirm that is
     intended and that the directory ACLs for anonymous readers expose only the
     attributes CAS needs. -->
<property name="contextSource" ref="contextSource" />
<!-- Hands the resolved principal to the attributeRepository bean for the
     attribute lookup. -->
<property name="attributeRepository">
<ref bean="attributeRepository" />
</property>
</bean>
<!-- Attribute repository referenced by the principal resolver. It searches
     "baseDN" with "query"; ldap.log conn=126 shows the resulting filter
     (uid=###.###), so {0} is presumably filled with the resolved principal id. -->
<!-- NOTE(review): that search is logged without a "SRCH attr=" line, which
     appears to mean no explicit attribute list was requested rather than that
     nothing was returned (nentries=1). catalina.out also logs
     PersonAttributesMapper converting 'eduPersonAffiliation', which suggests the
     value was read from LDAP. If the client still sees no attributes, the loss
     may be downstream of this bean (attribute release or the validation
     response). TODO confirm. -->
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
>
<property name="baseDN"
value="ou=people,dc=###,dc=edu" />
<property name="query" value="(uid={0})" />
<!-- Same contextSource as the resolver; it is not shown in this snippet, and
     ldap.log shows this search also running after an anonymous bind. -->
<property name="contextSource" ref="contextSource" />
<!-- Maps an LDAP attribute name (key) to the name under which it is exposed
     (value). Only eduPersonAffiliation is mapped here, so presumably any other
     attribute a service lists in allowedAttributes is not supplied by this
     repository. Verify. -->
<property name="ldapAttributesToPortalAttributes">
<map>
<entry key="eduPersonAffiliation"
value="eduPersonAffiliation" />
</map>
</property>
</bean>
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<!-- Registered service 1 ("All"): wildcard match on any host under
     lib.###.edu without an explicit port.
     NOTE(review): the leading "*://" accepts any scheme, so plain http://
     service URLs match as well as https://; service tickets and released
     attributes for those would cross the network unencrypted. Prefer an
     https:// pattern where the applications allow it.
     NOTE(review): allowedToProxy="true" applies to every service this
     wildcard matches; set it to false unless proxy tickets are needed.
     allowedAttributes lists what this entry permits for release: uid and
     eduPersonAffiliation. -->
<bean
class="org.jasig.cas.services.RegisteredServiceImpl"
p:id="1"
p:description="All"
p:serviceId="*://*.lib.###.edu/**"
p:name="All"
p:theme="default"
p:allowedToProxy="true"
p:enabled="true"
p:ssoEnabled="true"
p:anonymousAccess="false"
p:allowedAttributes="uid,eduPersonAffiliation">
</bean>
<!-- Registered service 2 ("All with ports"): wildcard match on any host
     under lib.###.edu on port 2048.
     NOTE(review): "*://" accepts any scheme; catalina.out shows a service
     ticket granted for an http:// URL on port 2048, so tickets for this entry
     are already being issued to a non-TLS service. Restrict to https:// if the
     application behind port 2048 supports it.
     NOTE(review): allowedToProxy="true" applies to every service matched by
     this wildcard; disable it unless proxy tickets are required.
     NOTE(review): allowedAttributes names ###EduPersonGID, but the
     attributeRepository mapping in this snippet only contains
     eduPersonAffiliation, so that attribute is presumably never available
     for release. Confirm. -->
<bean
class="org.jasig.cas.services.RegisteredServiceImpl"
p:id="2"
p:description="All with ports"
p:serviceId="*://*.lib.###.edu:2048/**"
p:name="All with ports"
p:theme="default"
p:allowedToProxy="true"
p:enabled="true"
p:ssoEnabled="true"
p:anonymousAccess="false"
p:allowedAttributes="uid,###EduPersonGID,eduPersonAffiliation">
</bean>
</list>
---snippet deployerConfigContext.xml ---
---snippet catalina.out ---
> 2008-09-18 15:42:13,947 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandle
r successfully authenticated the user which provided the following
credentials: ###>
> 2008-09-18 15:42:13,947 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <Attempting to resolve a principal...>
> 2008-09-18 15:42:13,947 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPri
ncipalResolver] - <Attempting to resolve a principal...>
> 2008-09-18 15:42:13,947 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPri
ncipalResolver] - <Creating SimplePrincipal for [###]>
> 2008-09-18 15:42:13,948 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <Resolved ###. Trying LDAP resolve now...>
> 2008-09-18 15:42:13,949 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <LDAP search with filter "(###EduPersonGID=###)">
> 2008-09-18 15:42:13,949 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <returning searchcontrols: scope=2; search
base=ou=people,dc=###,dc=edu; attributes=[uid]; timeout=1000>
> 2008-09-18 15:42:14,278 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <Resolved ### to ###.###>
> 2008-09-18 15:42:14,278 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrinci
palResolver] - <Creating SimplePrincipal for [###.###]>
> 2008-09-18 15:42:14,338 WARN
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Converting value 0 of LDAP attribute 'eduPersonAffiliation' from byte[]
to String>
> 2008-09-18 15:42:14,343 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-1-A1sxK09Lefq5IOIKUb56-cas] for service
[https://server.lib.###.edu/staff/phpcas/simple.php] for user [###.###]>
> 2008-09-18 15:44:17,317 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-joTfeEMII1eBJsbGbtTq-cas] for service
[https://server.lib.###.edu/staff/phpcas/simple.php] for user [###.###]>
> 2008-09-18 15:46:44,754 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-3-W0gcHgM05UYGXIXHj0LU-cas] for service
[http://server.lib.###.edu:2048/login?qurl=ezp.1aHR0cDovL3d3dy5saWIubW9u
dGFuYS5lZHUvcmVzZXJ2ZXMvYWNjdDUzMC8-] for user [###.###]>
---snippet catalina.out ---
---snippet ldap.log ---
> Sep 18 15:42:14 ### slapd[4200]: conn=125 fd=12 ACCEPT from
IP=###:50869 (IP=0.0.0.0:636)
> Sep 18 15:42:14 ### slapd[4200]: conn=125 fd=12 TLS established
tls_ssf=128 ssf=128
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=0 BIND dn="" method=128
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=0 RESULT tag=97 err=0
text=
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=1 SRCH
base="ou=people,dc=###,dc=edu" scope=2 deref=3 filter="(###=###)"
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=1 SRCH attr=uid
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
> Sep 18 15:42:14 ### slapd[4200]: conn=125 op=2 UNBIND
> Sep 18 15:42:14 ### slapd[4200]: conn=125 fd=12 closed
> Sep 18 15:42:14 ### slapd[4200]: conn=126 fd=12 ACCEPT from
IP=###:50870 (IP=0.0.0.0:636)
> Sep 18 15:42:14 ### slapd[4200]: conn=126 fd=12 TLS established
tls_ssf=128 ssf=128
> Sep 18 15:42:14 ### slapd[4200]: conn=126 op=0 BIND dn="" method=128
> Sep 18 15:42:14 ### slapd[4200]: conn=126 op=0 RESULT tag=97 err=0
text=
> Sep 18 15:42:14 ### slapd[4200]: conn=126 op=1 SRCH
base="ou=people,dc=###,dc=edu" scope=2 deref=3 filter="(uid=###.###)"
> Sep 18 15:42:14 ### slapd[4200]: conn=126 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
> Sep 18 15:42:14 ### slapd[4200]: conn=126 op=2 UNBIND
> Sep 18 15:42:14 ### slapd[4200]: conn=126 fd=12 closed