Hi,

As this is my first post here: welcome everyone!

I have a problem with CAS 3.5.3. We are authenticating against two LDAP
servers, our own and an external one. The second one has a very strict access
policy and we can't change its configuration. A user can access only his own
attributes, nothing else, not even the tree he is in.

We are able to successfully authenticate using
FastBindLdapAuthenticationHandler, but it doesn't return attributes (I
believe it binds anonymously to fetch attributes, which is not allowed by
this server). All I see with DEBUG enabled is [{}] as attributes returned.

I was unable to configure BindLdapAuthenticationHandler with this server.

Let's say we are authenticating as user "123" on "server", who has DN:
uid=123, ou=People, cn=test (Base DN: ou=People, cn=test)

The only proper way to fetch the user's record on this server would be:

ldapsearch -L -W -x -H ldaps://server \
  -b "ou=People, cn=test" \
  -D "uid=123, ou=People, cn=test" \
  "uid=123"

Our configuration (shortened and without first source):

<bean id="secondLDAPSource"
class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false"/>
    <property name="url" value="ldap://server" />
    <!-- baseEnvironmentProperties -->
</bean>

<bean id="secondAttributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="secondLDAPSource" />
    <property name="baseDN" value="ou=People, cn=test" />
    <property name="requireAllQueryAttributes" value="false" />
    <!-- mapping -->
</bean>

<bean id="secondLdapAuthHandler"
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
    p:filter="uid=%u, ou=People, cn=test"
    p:contextSource-ref="secondLDAPSource" />

<!-- doesn't work -->
<!--
<bean id="secondLdapAuthHandler"
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
    p:filter="uid=%u"
    p:searchBase="ou=People, cn=test"
    p:contextSource-ref="secondLDAPSource" />
-->

<bean id="secondResolver"
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>
    <property name="attributeRepository" ref="secondAttributeRepository" />
</bean>

<bean id="authenticationManager"
class="org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager">
<constructor-arg index="0">
    <map>
        <entry key-ref="HttpAuthHandler" value-ref="HttpResolver" />
        <entry key-ref="firstLdapAuthHandler" value-ref="firstResolver" />
        <entry key-ref="secondLdapAuthHandler" value-ref="secondResolver" />
    </map>
</constructor-arg>
</bean>

<bean id="attributeRepository"
class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
        <property name="personAttributeDaos">
        <list>
                <ref bean="firstAttributeRepository" />
                <ref bean="secondAttributeRepository" />
        </list>
        </property>
</bean>

I tried using authenticationSource on LdapContextSource, but all I got was
a lot of Java exceptions related to Spring.

How can I access the user's attributes using this person's credentials?

-- 
Borys Pogoreło
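What the ldapsearch command above does, and what the attribute repository in the posted configuration does not, is bind as the user's own DN and then read the entry over that same authenticated connection; with no userDn/password on the LdapContextSource, LdapPersonAttributeDao searches anonymously, which this directory's ACL refuses. The following is an added example (not CAS or Spring LDAP code, and not from the original post) using only the JDK's JNDI LDAP provider to show that sequence: bind as uid=<user>,<baseDn>, search for the user's own entry on the bound context, collect the returned attributes, and close the connection. The host "server", the base "ou=People,cn=test" and the requested attribute names are placeholders taken from or modelled on the post.

```java
// Added example: self-bind, then fetch the user's own attributes over that bind.
// Not CAS or Spring LDAP code; hostnames, DNs and attribute names are placeholders.
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public final class SelfBindAttributeFetch {

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Escape a value for use as an RDN attribute value in a DN (RFC 4514). */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean special = ",+\"\\<>;".indexOf(c) >= 0
                    || (c == '#' && i == 0)
                    || (c == ' ' && (i == 0 || i == value.length() - 1));
            if (special) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Bind as uid=<uid>,<baseDn> with the user's password, then search the same
     * base for the user's entry using that bound context (what ldapsearch -D does).
     */
    static Map<String, List<String>> fetchOwnAttributes(
            String url, String baseDn, String uid, String password, String[] wanted)
            throws NamingException {
        // An empty password makes the server treat the bind as anonymous
        // ("unauthenticated bind"), so refuse it before contacting the directory.
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException("empty password not allowed");
        }
        String userDn = "uid=" + escapeDnValue(uid) + "," + baseDn;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Creating the context performs the bind; a wrong password throws
        // AuthenticationException here, before any search is attempted.
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            controls.setReturningAttributes(wanted);
            String filter = "(uid=" + escapeFilterValue(uid) + ")";

            Map<String, List<String>> attrs = new LinkedHashMap<>();
            NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
            try {
                while (results.hasMore()) {
                    NamingEnumeration<? extends Attribute> all =
                            results.next().getAttributes().getAll();
                    while (all.hasMore()) {
                        Attribute a = all.next();
                        List<String> values = new ArrayList<>();
                        NamingEnumeration<?> vals = a.getAll();
                        while (vals.hasMore()) {
                            values.add(String.valueOf(vals.next()));
                        }
                        attrs.put(a.getID(), values);
                    }
                }
            } finally {
                results.close();
            }
            return attrs;
        } finally {
            ctx.close(); // the user-bound connection must not outlive the request
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder values mirroring the post; the password comes from argv.
        System.out.println(fetchOwnAttributes("ldaps://server", "ou=People,cn=test",
                "123", args.length > 0 ? args[0] : "", new String[] {"cn", "mail"}));
    }
}
```

Two points carry over to any CAS handler built on this pattern: the bind and the search must happen on the same connection, since the directory only grants read access to the identity that bound, and the uid must be escaped both as a DN component and as a filter value, because the same untrusted username is used in both places.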
