CAS 5.0.3 won't fetch the memberOf attributes


Harry@DHD
Mar 24, 2017, 2:08:04 PM
to CAS Community
Hello there,

Even though I managed to get authenticated against LDAP, I am not able to get any memberOf attributes back, no matter what configuration I try.

On my local LDAP I search with

ldapsearch -x -LLL -H ldap:/// -b
uid=billythekid,ou=people,dc=example,dc=com dn memberOf

to get back a response with

dn: uid=billythekid,ou=people,dc=example,dc=com
memberOf: cn=freejumper,ou=groups,dc=example,dc=com

But not in CAS ...

Here is my LDAP-related conf:

Thanks for your help.

Regards.

------------------------------------------------------------------------------------------------

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.com
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=xxxxxxxxxxxx
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].allowMultipleDns=true
cas.authn.ldap[0].enhanceWithEntryResolver=true
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

cas.authn.attributeRepository.ldap.ldapUrl=ldaps://ldap.example.com
cas.authn.attributeRepository.ldap.useSsl=true
cas.authn.attributeRepository.ldap.useStartTls=false
cas.authn.attributeRepository.ldap.connectTimeout=5000
cas.authn.attributeRepository.ldap.baseDn=dc=example,dc=com
cas.authn.attributeRepository.ldap.userFilter=uid={user}
cas.authn.attributeRepository.ldap.subtreeSearch=true
cas.authn.attributeRepository.ldap.bindDn=cn=admin,dc=example,dc=com
cas.authn.attributeRepository.ldap.bindCredential=xxxxxxxxxxxx
cas.authn.attributeRepository.ldap.minPoolSize=3
cas.authn.attributeRepository.ldap.maxPoolSize=10
cas.authn.attributeRepository.ldap.validateOnCheckout=true
cas.authn.attributeRepository.ldap.validatePeriodically=true
cas.authn.attributeRepository.ldap.validatePeriod=600
cas.authn.attributeRepository.ldap.failFast=true
cas.authn.attributeRepository.ldap.idleTime=500
cas.authn.attributeRepository.ldap.prunePeriod=600
cas.authn.attributeRepository.ldap.blockWaitTime=5000
cas.authn.attributeRepository.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

------------------------------------------------------------------------------------------------------------------------------------------------

Tom Poage
Mar 24, 2017, 2:51:43 PM
to cas-...@apereo.org
My experience with memberOf and certain LDAP implementations is that it can be considered an operational attribute, so it must be explicitly listed as a requested attribute. This might be cas.authn.attributeRepository.attributes:

https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#authentication-attributes

Tom.
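The explicit attribute request Tom describes, as an added example that is not from the thread or the CAS project: a CAS 5.0.x attribute-repository fragment that lists memberOf under cas.authn.attributeRepository.attributes so the LDAP repository asks for it by name. The connection settings repeat the first message; the property form for the attribute map follows the 5.0.x configuration reference linked above, and the directory values are the same sample ones the original poster used.

```properties
# Added example (not from the thread): CAS 5.0.x attribute repository
# that requests memberOf explicitly. Connection settings are unchanged
# from the original post; only the attribute list is new.
cas.authn.attributeRepository.ldap.ldapUrl=ldaps://ldap.example.com
cas.authn.attributeRepository.ldap.useSsl=true
cas.authn.attributeRepository.ldap.useStartTls=false
cas.authn.attributeRepository.ldap.connectTimeout=5000
cas.authn.attributeRepository.ldap.baseDn=dc=example,dc=com
cas.authn.attributeRepository.ldap.userFilter=uid={user}
cas.authn.attributeRepository.ldap.subtreeSearch=true
cas.authn.attributeRepository.ldap.bindDn=cn=admin,dc=example,dc=com
cas.authn.attributeRepository.ldap.bindCredential=xxxxxxxxxxxx

# Attributes to fetch from the repository. memberOf is named here because
# a directory that treats it as an operational attribute omits it from
# a search result unless the client asks for it explicitly, which is what
# the ldapsearch in the first message does by listing "dn memberOf".
# One entry per attribute; using the same name on both sides of the map
# avoids depending on which way the key/value mapping reads.
cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.memberOf=memberOf
```

To confirm the operational-attribute behaviour on the directory side before blaming CAS, rerun the ldapsearch from the first message requesting only `*` (all user attributes): if memberOf is missing there but comes back when named explicitly (or with `+`, the ldapsearch shorthand for all operational attributes), the attribute must be listed by name in CAS as well.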
