Yes, I misunderstood this parameter, so I replaced this part with only <entry key="username" value="uid" />
But it didn't work either. A friend gave me a working solution, so I compared the source code and saw that he doesn't use the CredentialsToLDAPAttributePrincipalResolver bean. I removed it from my configuration and now it works like a charm!

Thanks

Sylvain

On 29/01/2015 19:38, John Gasper wrote:
> I don't think the queryAttributeMapping is working the way you think
> it is... At least I've never been able to get it to work like that.
> You'll need to split it up because "username" is essentially the
> placeholder where the identity (jdoe) is inserted when the LDAP query
> runs. (Unfortunately it is the key, so multiple search attributes (uid,
> mail, etc.) can't be done here.)
>
> Check out
> https://github.com/jtgasper3/raspberrypi-iam/blob/master/cas-war-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml.
>
> It has a split config that uses an inherited base bean config.
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 1/29/15 5:47 AM, Sylvain DEROSIAUX wrote:
>> Hi!
>>
>> I want to use the /principalAttributeName/ feature following CAS
>> documentation (https://wiki.jasig.org/display/casum/attributes) but
>> it didn't work because my CAS (v3.5.3) cannot retrieve attributes
>> from my LDAP (login is OK):
>>
>> 2015-01-29 14:07:45,730 WARN
>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Principal [xxx]
>> did not have attribute [mail] among attributes *[{}]* so CAS cannot
>> provide on the validation response the user attribute the registered
>> service *** expects. CAS will instead return the default username
>> attribute [xxx]
>>
>> I have checked access to attributes with the user, it's ok.
>> In the LDAP log, attributes are not requested:
>>
>> Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(&(!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))"
>> Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
>> ...
>> Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH base="ou=people,dc=univ-lille3,dc=fr" scope=2 deref=3 filter="(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))"
>> Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH attr=uid
>>
>> Now, here is the relevant part from my /deployerConfigContext.xml/ file:
>>
>> The use of the attribute repository:
>>
>> <property name="credentialsToPrincipalResolvers">
>>   <list>
>>     <bean
>>       class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>>       <!-- The Principal resolver from the credentials -->
>>       <property name="credentialsToPrincipalResolver">
>>         <bean
>>           class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>       </property>
>>       <property name="filter"
>>         value="(|(eduPersonPrincipalName=%u)(uid=%u)(mail=%u))" />
>>       <property name="principalAttributeName" value="uid" />
>>       <property name="searchBase" value="ou=people,dc=univ-lille3,dc=fr" />
>>       <property name="contextSource" ref="contextSource" />
>>     </bean>
>>     <bean
>>       class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>>       <property name="attributeRepository" ref="attributeRepository" />
>>     </bean>
>>     <bean
>>       class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>>   </list>
>> </property>
>>
>> The configuration of the attribute repository:
>>
>> <bean id="attributeRepository"
>>   class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>>   <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr"/>
>>   <property name="contextSource" ref="contextSource" />
>>   <property name="requireAllQueryAttributes" value="true"/>
>>
>>   <property name="queryAttributeMapping">
>>     <map>
>>       <entry key="uid" value="uid" />
>>       <entry key="mail" value="mail" />
>>     </map>
>>   </property>
>>
>>   <property name="resultAttributeMapping">
>>     <map>
>>       <entry key="uid" value="uid" />
>>       <entry key="mail" value="mail" />
>>     </map>
>>   </property>
>> </bean>
>>
>> The configuration of the services:
>>
>> <bean id="serviceRegistryDao"
>>   class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>>   <property name="registeredServices">
>>     <list>
>>       <bean class="org.jasig.cas.services.RegexRegisteredService">
>>         <property name="id" value="0" />
>>         <property name="name" value="Test" />
>>         <property name="description" value="" />
>>         <property name="serviceId" value="***" />
>>         <property name="usernameAttribute" value="mail" />
>>         <property name="evaluationOrder" value="0" />
>>         <property name="allowedAttributes">
>>           <list>
>>             <value>mail</value>
>>           </list>
>>         </property>
>>       </bean>
>>       ...
>>     </list>
>>   </property>
>> </bean>
>>
>> Any help will be welcome :)
>>
>> Sylvain
>> --
>> You are currently subscribed to cas-u...@lists.jasig.org
>> as: jgas...@unicon.net
>> To unsubscribe, change settings or access archives,
>> see http://www.ja-sig.org/wiki/display/JSG/cas-user

--
+---------------------------------------+
| Sylvain DEROSIAUX                     |
| Systems Administrator                 |
|                                       |
| Direction des Systèmes d'Information  |
| Bureau A3-209                         |
| Domaine universitaire du Pont de bois |
| BP 60149 59653 Villeneuve d'Ascq      |
|                                       |
| Tel : 03-20-41-69-47                  |
| Fax : 03-20-41-60-01                  |
+---------------------------------------+
| GNU/Linux Debian, what else ?         |
+---------------------------------------+
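
The diagnostic step from the original message (reading the slapd log to see which attributes each search asked for) can be automated. The following is an added example, not code from the thread; the sample log is constructed in the same format as the quoted lines, with placeholder host, connection numbers and base DN.

```python
import re

# Constructed sample in the slapd log format quoted in the thread.
SAMPLE_LOG = '''\
Jan 29 14:21:29 ldap slapd[2968]: conn=101 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=3 filter="(uid=jdoe)"
Jan 29 14:21:29 ldap slapd[2968]: conn=101 op=1 SRCH attr=1.1
Jan 29 14:21:29 ldap slapd[2968]: conn=101 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 29 14:21:29 ldap slapd[2968]: conn=102 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=3 filter="(uid=jdoe)"
Jan 29 14:21:29 ldap slapd[2968]: conn=102 op=1 SRCH attr=uid
Jan 29 14:21:30 ldap slapd[2968]: conn=103 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=3 filter="(uid=jdoe)"
Jan 29 14:21:30 ldap slapd[2968]: conn=103 op=1 SRCH attr=uid mail
'''

SRCH_LINE = re.compile(r"conn=(\d+) op=(\d+) SRCH (.+)$")
FILTER = re.compile(r'filter="(.*)"')
NO_ATTRIBUTES = "1.1"  # RFC 4511: the OID 1.1 alone requests no attributes


def parse_searches(log_text):
    """Return {(conn, op): {"filter": str or None, "attrs": set or None}}.

    "attrs" stays None when no "SRCH attr=" line was logged for the
    search; that case is treated here as unknown rather than empty.
    """
    searches = {}
    for line in log_text.splitlines():
        m = SRCH_LINE.search(line)
        if not m:
            continue  # BIND, SEARCH RESULT, etc.
        key = (int(m.group(1)), int(m.group(2)))
        entry = searches.setdefault(key, {"filter": None, "attrs": None})
        detail = m.group(3)
        if detail.startswith("attr="):
            names = detail[len("attr="):].split()
            entry["attrs"] = {n.lower() for n in names if n != NO_ATTRIBUTES}
        else:
            f = FILTER.search(detail)
            entry["filter"] = f.group(1) if f else None
    return searches


def searches_missing(log_text, wanted):
    """List (conn, op) of searches whose explicit attribute list lacks
    any of the wanted attributes (compared case-insensitively)."""
    wanted = {w.lower() for w in wanted}
    return sorted(key for key, s in parse_searches(log_text).items()
                  if s["attrs"] is not None and not wanted <= s["attrs"])
```

Run against the log of one login, `searches_missing(log, ["mail"])` returning every search means no component asked LDAP for mail, which is the symptom reported in the original message.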