Hi, I am using SAML to pass user attributes over the wire from CAS. It is working very well, but I was wondering if there was any means of passing the LDAP distinguished name (dn) of the user as an attribute?
I am using OpenLDAP and eDirectory, and unlike Active Directory neither of these LDAP servers stores the distinguished name as an attribute of the user object. Is there something in the resultAttributeMapping property of the attributeRepository bean that would enable the DN of the user LDAP object to be returned as a SAML attribute? I doubt there is, but I figure it is worth asking...

Regards,
David

For reference here's my Spring configuration for the attributeRepository bean:

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource" />
    <property name="baseDN" value="${ldap.authentication.base}" />
    <property name="requireAllQueryAttributes" value="false" />
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="cn" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="cn" value="username" />
            <entry key="mail" value="emailAddress" />
            <entry key="displayName" value="firstName" />
            <entry key="sn" value="lastName" />
            <entry key="groupMembership" value="groupMembership" />
        </map>
    </property>
</bean>