On Thu, Oct 13, 2016 at 05:19:19PM -0500, Richard Frovarp wrote:
>I'm very confused as to how to do attribute lookup with CAS 5.
>
>In the actual service entry I have the return all attributes policy, so that
>shouldn't be hanging me up.
>
>I am doing AD / LDAP authentication, and it's also where my attributes are
>at.
>
>I don't see how
>
>cas.authn.attributeRepository.attributes.uid=uid
>
>does anything, because if I add another attribute there, nothing happens.
>
>I don't see cas.authn.attributeRepository.ldap group of entries doing
>anything.
>
>I also don't see cas.authn.ldap[0].additionalAttributes doing much.
>
>If I set cas.authn.ldap[0].principalAttributeList to have more attributes, it
>appears to work. But it's also including uid, which isn't in my list. Is that
>because of the entry above?
>
>Do I even need to have the cas.authn.attributeRepository.ldap section?

cas.authn.attributeRepository.attributes.* are used as defaults unless set
otherwise and can have unexpected results (see my earlier post re cn being
remapped by cas.authn.attributeRepository.attributes.cn=commonName). I
believe these may be deprecated or changed in future releases.

I define all the attributes in cas.authn.ldap[0].principalAttributeList.
Since we release all of them by default, what I actually do is define a
variable, and use that to factor out the list of attributes so I don't
have to replicate it in multiple places. YMMV.

our.default.attributes=\
cn,\
displayName,\
... etc ...
mail,\
uid
cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes}

>I know it's an RC and that the documentation isn't complete, but it feels
>like something is missing. Feels odd to be doing it in the authn area instead
>of the ldap entries under attributeRepository.
>
>Thanks,
>
>Richard

Aloha,
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum