Attributes

Table of Contents

Attributes

Attributes are controlled by the JA-SIG Person Directory project.

Populate Principal's attributes with LDAP repository

CredentialsToLDAPAttributePrincipalResolver lets you create and populate the principal with attributes extracted by JA-SIG Person Directory.

Person Directory can rely on different types of context source (Database, LDAP...).  We'll describe the LDAP way.

    CredentialsToLDAPAttributePrincipalResolver first calls a credentialsToPrincipalResolver to initiate the Principal from the credentials : If username/password is used, UsernamePasswordCredentialsToPrincipalResolver is ok. If client certificates are used, you should define a  x509CertifcateCredentialsToPrincipal. Depending on the class you used, the teporary Principal will be initiated with a login or a certificate attribute as ID.

This Principal's ID is then used to search a repository (here an LDAP server) for a corresponding entry : Based on the filter property, a LDAP request is forged to find the entry corresponding to the prinicpal's ID (ie login or certificate attribute).
The Principal ID is replaced with the principalAttributeName extracted from the LDAP entry : usually uid or cn LDAP attribute is used to create the new principal ID.

We now have a Principal corresponding to an LDAP entry. We now can populate this Principal with attributes. These attributes can come from the same repository or a different one. This repository is defined as attributeRepository of  the CredentialsToLDAPAttributePrincipalResolver.

The mapping between LDAP attributes and their names in principal's attributes map are defined in ldapAttributesToPortalAttributes of attributeRepository.  You'll define here that the "name" attribute of the principal must be set by the "cn" attribute of the LDAP entry.

 Here is a sample conf of deployerConfigContext.xml : 

<property name="credentialsToPrincipalResolvers">
			<list>
				<bean
					class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
					<!-- The Principal resolver form the credentials -->
					<property name="credentialsToPrincipalResolver">
						<bean
							class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

					</property>
					<!-- The query made to find the Principal ID. "%u" will be replaced by the resolved Principal -->
					<property name="filter" value="(uid=%u)" />

					<!-- The attribute used to define the new Principal ID -->

					<property name="principalAttributeName" value="uid" />

					<property name="searchBase"
						value="ou=people,o=company,c=fr" />
					<property name="contextSource" ref="contextSource" />

					<property name="attributeRepository">
						<ref bean="attribRepository" />
					</property>

				</bean>

				<!--
				.....
 				the rest of the credentials to principal resolvers
				.....
				+-->
			</list>
		</property>
	</bean>


<!-- Define the contextSource and the attributeRepository : -->
	<bean id="contextSource"
		class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
		<property name="urls">
			<list>
				<value>ldaps://ldap1/</value>
				<value>ldaps://ldap2/</value>
			</list>
		</property>
		<property name="userName" value="cn=manager,c=fr" />
		<property name="password" value="xxxxxxxxxxxxx" />
	</bean>

	<bean id="attribRepository"
		class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
		<property name="baseDN"
			value="ou=people,o=company,c=fr" />
		<!-- This query is used to find the entry for populating attributes. {0} will be replaced by the new Principal ID extracted from the ldap-->
		<property name="query" value="(uid={0})" />

		<property name="contextSource" ref="contextSource" />
		<property name="ldapAttributesToPortalAttributes">
			<map>
				<!-- Mapping beetween LDAP entry's attributes (key) and Principal"s (value) -->
				<entry key="cn" value="Name"/>
				<entry value="Telephone" key="telephoneNumber" />
				<entry value="Fax" key="facsimileTelephoneNumber" />
			</map>
		</property>
	</bean>
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.