AttributesAttributes are controlled by the JA-SIG Person Directory project. Populate Principal's attributes with LDAP repositoryCredentialsToLDAPAttributePrincipalResolver lets you create and populate the principal with attributes extracted by JA-SIG Person Directory. Person Directory can rely on different types of context source (Database, LDAP...). We'll describe the LDAP way. CredentialsToLDAPAttributePrincipalResolver first calls a credentialsToPrincipalResolver to initiate the Principal from the credentials : If username/password is used, UsernamePasswordCredentialsToPrincipalResolver is ok. If client certificates are used, you should define a x509CertifcateCredentialsToPrincipal. Depending on the class you used, the teporary Principal will be initiated with a login or a certificate attribute as ID. This Principal's ID is then used to search a repository (here an LDAP server) for a corresponding entry : Based on the filter property, a LDAP request is forged to find the entry corresponding to the prinicpal's ID (ie login or certificate attribute). We now have a Principal corresponding to an LDAP entry. We now can populate this Principal with attributes. These attributes can come from the same repository or a different one. This repository is defined as attributeRepository of the CredentialsToLDAPAttributePrincipalResolver. The mapping between LDAP attributes and their names in principal's attributes map are defined in ldapAttributesToPortalAttributes of attributeRepository. You'll define here that the "name" attribute of the principal must be set by the "cn" attribute of the LDAP entry.
Here is a sample conf of deployerConfigContext.xml : <property name="credentialsToPrincipalResolvers"> <list> <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver"> <!-- The Principal resolver form the credentials --> <property name="credentialsToPrincipalResolver"> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> </property> <!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal --> <property name="filter" value="(uid=%u)" /> <!-- The attribute used to define the new Principal ID --> <property name="principalAttributeName" value="uid" /> <property name="searchBase" value="ou=people,o=company,c=fr" /> <property name="contextSource" ref="contextSource" /> <property name="attributeRepository"> <ref bean="attribRepository" /> </property> </bean> <!-- ..... the rest of the credentials to principal resolvers ..... +--> </list> </property> </bean> <!-- Define the contextSource and the attributeRepository : --> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> <property name="urls"> <list> <value>ldaps://ldap1/</value> <value>ldaps://ldap2/</value> </list> </property> <property name="userName" value="cn=manager,c=fr" /> <property name="password" value="xxxxxxxxxxxxx" /> </bean> <bean id="attribRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"> <property name="baseDN" value="ou=people,o=company,c=fr" /> <!-- This query is used to find the entry for populating attributes. {0} will be replaced by the new Principal ID extracted from the ldap--> <property name="query" value="(uid={0})" /> <property name="contextSource" ref="contextSource" /> <property name="ldapAttributesToPortalAttributes"> <map> <!-- Mapping beetween LDAP entry's attributes (key) and Principal"s (value) --> <entry key="cn" value="Name"/> <entry value="Telephone" key="telephoneNumber" /> <entry value="Fax" key="facsimileTelephoneNumber" /> </map> </property> </bean> |