My experience with memberOf and certain LDAP implementations, is that it can be considered an operational attribute, so must be explicitly listed as a requested attribute. This might be cas.authn.attributeRepository.attributes
https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#authentication-attributes Tom. > On Mar 24, 2017, at 11:07 AM, Harry@DHD <[email protected]> wrote: > > Hello there > > Even though I manged to get authenticated against ldap > > I am not able to get any memberOf attributes back no matter what > configurations I try. > > on my local ldap I search with > > ldapsearch -x -LLL -H ldap:/// -b uid=billythekid,ou=people,dc=example,dc=com > dn memberOf > > To get back a responce with > > dn: uid=billythekid,ou=people,dc=example,dc=com > memberOf: cn=freejumper,ou=groups,dc=example,dc=com > > But not in cas ... > > Here is my ldap related conf > > Thanks for your help. > > Regards. > > ------------------------------------------------------------------------------------------------ > > cas.authn.ldap[0].type=AUTHENTICATED > cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.com > cas.authn.ldap[0].useSsl=true > cas.authn.ldap[0].connectTimeout=5000 > cas.authn.ldap[0].baseDn=dc=example,dc=com > cas.authn.ldap[0].userFilter=uid={user} > cas.authn.ldap[0].subtreeSearch=true > cas.authn.ldap[0].usePasswordPolicy=false > cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com > cas.authn.ldap[0].bindCredential=xxxxxxxxxxxx > cas.authn.ldap[0].minPoolSize=3 > cas.authn.ldap[0].maxPoolSize=10 > cas.authn.ldap[0].validateOnCheckout=true > cas.authn.ldap[0].validatePeriodically=true > cas.authn.ldap[0].validatePeriod=600 > cas.authn.ldap[0].principalAttributeId=uid > cas.authn.ldap[0].allowMultipleDns=true > cas.authn.ldap[0].enhanceWithEntryResolver=true > cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > > cas.authn.attributeRepository.ldap.ldapUrl=ldaps://ldap.example.com > cas.authn.attributeRepository.ldap.useSsl=true > cas.authn.attributeRepository.ldap.useStartTls=false > cas.authn.attributeRepository.ldap.connectTimeout=5000 > cas.authn.attributeRepository.ldap.baseDn=dc=example,dc=com > cas.authn.attributeRepository.ldap.userFilter=uid={user} > cas.authn.attributeRepository.ldap.subtreeSearch=true > cas.authn.attributeRepository.ldap.bindDn=cn=admin,dc=example,dc=com > cas.authn.attributeRepository.ldap.bindCredential=xxxxxxxxxxxx > cas.authn.attributeRepository.ldap.minPoolSize=3 > cas.authn.attributeRepository.ldap.maxPoolSize=10 > cas.authn.attributeRepository.ldap.validateOnCheckout=true > cas.authn.attributeRepository.ldap.validatePeriodically=true > cas.authn.attributeRepository.ldap.validatePeriod=600 > cas.authn.attributeRepository.ldap.failFast=true > cas.authn.attributeRepository.ldap.idleTime=500 > cas.authn.attributeRepository.ldap.prunePeriod=600 > cas.authn.attributeRepository.ldap.blockWaitTime=5000 > cas.authn.attributeRepository.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > > ------------------------------------------------------------------------------------------------------------------------------------------------ > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/455d87ca-d7b1-dcf7-bb00-f038b529303e%40gmail.com. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8EBE306E-1E58-403F-80FD-37323A9A2D7D%40ucdavis.edu.
