LDAP DN Value from LDAP


Colin Ryan

Dec 1, 2020, 4:06:21 PM
to cas-...@apereo.org

Folks,

I'm running CAS 6.2.3.

Authenticating to a CentOS 389 Directory LDAP Server. Authentication is all good. Finally even appeared to solve my ePerssonDirectory attribute extraction configuration issues. However I'm unable to get the DN of the user's LDAP entry to resolve.


389 Directory does not store the DN as a physical attribute in its raw database, but if you query for it, it will return it (a la "ldapsearch -b <suffix> <filter> dn").


I tried the:

cas.authn.ldap[0].collect-dn-attribute=true 

directive to no avail.

As well as adding a reference to it both in the LDAP as authentication source and as attribute repository. No luck.


cas.authn.ldap[0].principal-attribute-list=uid,sn,cn:commonName,givenName,inetUserStatus,dn
cas.authn.attribute-repository.ldap[0].attributes.dn: dn




Any suggestions? My LDAP is essentially a multi-tenant instance and the only "org" parameters in the user entries are represented by the RDN components of the DN value.


Sincerely.

Colin


Daniel Fisher

Dec 1, 2020, 8:29:52 PM
to cas-...@apereo.org
On Tue, Dec 1, 2020 at 4:06 PM Colin Ryan <col...@caveo.ca> wrote:

> Folks,
>
> I'm running CAS 6.2.3.
>
> Authenticating to a CentOS 389 Directory LDAP Server. Authentication is all good. Finally even appeared to solve my ePerssonDirectory attribute extraction configuration issues. However I'm unable to get the DN of the user's LDAP entry to resolve.


I'm not too familiar with CAS configuration, but you want to enable the DN_ATTRIBUTE_ENTRY handler:


--Daniel Fisher

Colin Ryan

Dec 2, 2020, 11:59:33 AM
to cas-...@apereo.org

Daniel,


Bingo. Thank you, sir. In my case I also needed the directive to identify the attribute that causes a DN to be returned.

cas.authn.attribute-repository.ldap[0].search-entry-handlers[0].type: DN_ATTRIBUTE_ENTRY
cas.authn.attribute-repository.ldap[0].search-entry-handlers[0].dn-attribute.dn-attribute-name: dn


Cheers folks

Colin

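For the use case in the original question (tenant identity carried only in the RDN components of the DN), a service that receives the released `dn` attribute has to parse it with RFC 4514 escaping in mind rather than splitting on commas. The following is an added example, not from the thread or from CAS itself; the function names, the `dc=example,dc=org` suffix, the sample DN, and the assumption that the tenant is the single-valued `o` RDN directly above the suffix are all hypothetical.

```python
import re

_ESC = re.compile(rb"\\([0-9A-Fa-f]{2})|\\(.)", re.S)

def split_unescaped(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1      # an escape keeps its next char
        if step == 1 and text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i:i + step]
        i += step
    return parts + [buf]

def unescape(value):
    """Decode \\XX hex pairs (UTF-8 bytes) and \\<char> escapes."""
    decode = lambda m: bytes([int(m[1], 16)]) if m[1] else m[2]
    return _ESC.sub(decode, value.encode()).decode("utf-8")

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN: {ava!r}")
            avas.append((attr.strip().lower(), unescape(value.lstrip())))
        rdns.append(avas)
    return rdns

def tenant_of(dn, suffix, tenant_attr="o"):
    """Value of the single-valued tenant RDN directly above suffix; raises otherwise."""
    fold = lambda rdns: [[(a, v.lower()) for a, v in r] for r in rdns]  # assumes caseIgnoreMatch
    rdns, base = parse_dn(dn), parse_dn(suffix)
    if len(rdns) <= len(base) or fold(rdns[-len(base):]) != fold(base):
        raise ValueError("DN is not under the expected suffix")
    tenant = rdns[-len(base) - 1]
    if len(tenant) != 1 or tenant[0][0] != tenant_attr:
        raise ValueError("no tenant RDN directly above the suffix")
    return tenant[0][1]

# Constructed sample values (not from the thread)
SUFFIX = "dc=example,dc=org"
SAMPLE_DN = r"uid=jdoe,ou=People,o=Acme\, Inc.,dc=example,dc=org"
```

The parser does not handle `#`-prefixed BER-encoded values or legacy quoted values, and it rejects any DN it cannot place under the expected suffix instead of guessing a tenant.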