I'd like to include group membership as one of the attributes in our CAS deployment. However, we don't currently implement the memberOf attribute in our LDAP deployment; to get a user's groups, you need to query on memberUid=<username> and enumerate the groups returned.

I thought I had worked out a way to do it within the persondir framework:

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="ldapAttrPooledContextSource"/>
    <property name="baseDN" value="ou=group,dc=csupomona,dc=edu" />
    <property name="requireAllQueryAttributes" value="true" />

    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="memberUid" />
        </map>
    </property>

    <property name="resultAttributeMapping">
        <map>
            <entry key="uid" value="memberOf"/>
        </map>
    </property>
</bean>

This does work, to a degree; a memberOf attribute is added to the user, but only a single one, for the first group returned by the query.

Is there any way to get this to populate attributes based on all of the results of the query, rather than just the first one? Or perhaps a better, more recommended way to add a group membership attribute from an LDAP directory without the memberOf attribute populated for the user object?

Thanks…


--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
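
The lookup described in the post above (search the group subtree on memberUid=<username>, then collect one value per matching group), as an added example that is not part of the original post and is not persondir code. The directory is simulated with constructed in-memory entries; the function names and the dc=example,dc=edu base are assumptions, and the username is escaped per RFC 4515 before it goes into the filter.

```python
import re

# Constructed sample group entries (not real directory data).
GROUPS = [
    {"dn": "uid=staff,ou=group,dc=example,dc=edu",
     "uid": ["staff"], "memberUid": ["alice", "bob"]},
    {"dn": "uid=sysadmin,ou=group,dc=example,dc=edu",
     "uid": ["sysadmin"], "memberUid": ["alice"]},
    {"dn": "uid=students,ou=group,dc=example,dc=edu",
     "uid": ["students"], "memberUid": ["carol"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login name is matched literally."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def group_filter(username):
    """Build the search filter used against the group subtree."""
    return f"(memberUid={escape_filter_value(username)})"

def search(entries, ldap_filter):
    """Stand-in for the LDAP server: handles only a single (attr=value) equality."""
    match = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if match is None:
        raise ValueError("unsupported filter")
    attr, raw = match.groups()
    # Undo the \xx escapes to recover the literal value being compared.
    value = re.sub(r"\\([0-9a-fA-F]{2})",
                   lambda h: chr(int(h.group(1), 16)), raw)
    return [e for e in entries if value in e.get(attr, [])]

def member_of_first_only(entries, username):
    """The behaviour the post reports: only the first result is mapped."""
    results = search(entries, group_filter(username))
    return {"memberOf": results[0]["uid"][:1] if results else []}

def member_of(entries, username):
    """Aggregate uid from every matching group into one multi-valued attribute."""
    values = []
    for entry in search(entries, group_filter(username)):
        values.extend(entry.get("uid", []))
    return {"memberOf": sorted(set(values))}

if __name__ == "__main__":
    print(member_of_first_only(GROUPS, "alice"))
    print(member_of(GROUPS, "alice"))
```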
