Hi all, I’m a bit lost as to what’s happening here; perhaps one of you could 
give me a hint.

We’ve got a working 4.0.x environment which I am currently looking into 
upgrading to 4.1.x. We currently do authentication via SPNEGO or JAAS and use 
an LDAP principal resolver to get user attributes and this works well. I.e., we 
don’t use LDAP bind and let the LDAP authenticator resolve attributes directly. 
We may in the future, but would still need to get the additional principal 
resolver working for SPNEGO and other authentication methods.

For 4.1.x I’ve run into a problem where I don’t seem to get all the 
attributes. I changed the configuration from Spring to ldaptive LDAP to be more 
in line with what seems to be the standard now, but the problem remains and 
I’ve been trying to figure out why. 

As you can see from the log snippet, the (LdaptivePersonAttributeDao) principal 
resolver gets all the attributes from LDAP that I want, but a couple of lines 
further down when control is back with the authentication manager, some of the 
attributes are lost. 

2015-09-26 13:06:55,414 DEBUG [org.jasig.services.persondir.support.ldap.LdaptivePersonAttributeDao] - <Converted ldap DN entry [CN=Fredrik Jönsson (fjo),OU=employees,OU=USERS,OU=UG,DC=REF,DC=UG,DC=KTH,DC=SE] to attribute map {mail=[f...@kth.se], givenName=[Fredrik], name=[Fredrik Jönsson (fjo)], ugPrimaryAffiliation=[staff], sn=[Jönsson], ugKthid=[u1fjolle], ugAffiliation=[member, staff, employee], sAMAccountName=[fjo]}>
2015-09-26 13:06:55,435 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@18108dae resolved fjo from fjo+password>
2015-09-26 13:06:55,448 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated fjo with credentials [fjo+password].>
2015-09-26 13:06:55,451 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for fjo: {mail=f...@kth.se, familyName=Jönsson, fullName=Fredrik Jönsson (fjo)}>

Any hints of where I should look?

Best regards,
/Fredrik