[cas-user] LDAP Attributes and Extended Schema


Jeffrey Simpson

Sep 7, 2011, 3:28:18 PM
to cas-...@lists.jasig.org
Using LDAP I have been able to log in, query attributes and send the attributes back to the client if the attributes are the standard LDAP attributes. We are using MS Active Directory as our LDAP server and we have extended the Person Object Schema. I have not been able to query the added attributes. So no problem with cn and userPrincipalName, but no go with our added attribute SecurityQuestion. I have checked the log and the problem is not in sending them out but the SecurityQuestion is not put in the User's Attribute map.
I have written a Java class and can get these attributes no problem. Any ideas? Below is my deployerConfigContext.xml:


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager">
        <constructor-arg index="0">
            <map>
                <entry key-ref="Staff-LdapAuthHandler" value-ref="Staff-LdapCredentialtoPrincipalResolver" />
                <entry key-ref="HTTPAuthHandler" value-ref="HTTPCredentialtoPrincipalResolver" />
            </map>
        </constructor-arg>
    </bean>

    <bean id="HTTPCredentialtoPrincipalResolver"
          class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

    <bean id="HTTPAuthHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" />

    <bean id="Staff-LdapAuthHandler"
          class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
        <property name="filter" value="%u...@YFUUSA.Local" />
        <property name="contextSource" ref="contextSource" />
        <property name="ignorePartialResultException" value="yes" />
    </bean>

    <bean id="contextSource"
          class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false" />
        <property name="url" value="ldap://dc1.yfuusa.local:3268/DC=YFUUSA,DC=Local" />
        <!-- <value>ldap://dc2.yfuusa.local:389/DC=YFUUSA,DC=Local</value> -->
        <!-- Place JNDI environment properties here. -->
        <property name="baseEnvironmentProperties">
            <map>
                <!-- Three seconds is an eternity to users. -->
                <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
                <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />

                <!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION -->
                <entry key="java.naming.security.authentication" value="simple" />
            </map>
        </property>
        <property name="userDn" value="CN=HIDEME,CN=Users,DC=YFUUSA,DC=Local" />
        <property name="password" value="SECRET" />
    </bean>

    <bean id="Staff-LdapCredentialtoPrincipalResolver"
          class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
        <property name="credentialsToPrincipalResolver">
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        </property>
        <property name="filter" value="(sAMAccountName=%u)" />
        <property name="principalAttributeName" value="sAMAccountName" />
        <property name="scope" value="2" />
        <property name="searchBase" value="" />
        <property name="contextSource" ref="contextSource" />
        <property name="attributeRepository">
            <ref bean="attributeRepository" />
        </property>
    </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="hideme" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="" />
        <property name="requireAllQueryAttributes" value="false" />

        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="sAMAccountName" />
            </map>
        </property>

        <property name="resultAttributeMapping">
            <map>
                <entry key="cn" value="Name" />
                <entry key="userPrincipalName" value="userPrincipalName" />
                <entry key="memberOf" value="group" />
                <entry key="distinguishedName" value="distinguishedName" />
                <entry key="securityQuestion" value="securityQuestion" />
            </map>
        </property>
    </bean>

    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="0" />
                    <property name="name" value="LocalMy.YFU" />
                    <property name="description" value="Only Allows HTTPS Urls" />
                    <property name="serviceId" value="http://chekov:10000/cgi-bin/WebObjects/WOYFUJava.woa/wa/TemporaryDirectAction/casLogin" />
                    <property name="allowedAttributes">
                        <list>
                            <value>group</value>
                            <value>Name</value>
                            <value>userPrincipalName</value>
                            <value>distinguishedName</value>
                            <value>pfoId</value>
                            <value>securityQuestion</value>
                        </list>
                    </property>
                    <property name="anonymousAccess" value="true" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>


Jeffrey Simpson
Senior Software Engineer
Telephone: 240.235.2144
Fax: 240.235.2174
sim...@yfu.org

Youth For Understanding (YFU) prepares young people for their responsibilities and opportunities in a changing, interdependent world.


Marvin Addison

Sep 9, 2011, 11:17:54 AM
to cas-...@lists.jasig.org
> I have checked the log and the problem is not in sending them out but the
> SecurityQuestion is not put in the User's Attribute map.

Turn up the logging on the org.jasig category to DEBUG and post some
log excerpts that confirm this. PersonDirectory components log
resolved attributes and I believe there are some clear CAS logs that
indicate what attributes are sent to clients. (Pretty sure I added
that logging at some point to facilitate debugging in cases like
these.)

In any case I doubt the schema customizations are the cause.

M

Jeffrey Simpson

Sep 12, 2011, 12:32:31 PM
to cas-...@lists.jasig.org, The Community discussion list is for questions, comments, feedback and issues associated with CAS and its clients. digest
Thanks for the reply. I did some more digging and noticed that I was using the AD Global Catalog. This got rid of the org.springframework.ldap.PartialResultException I was getting earlier, but the AD Global Catalog does not have all of the attributes. So I guess this comes down to trying to find a way of getting rid of the PartialResultException or living with the applications having to do another query. I have ignorePartialResultException set on my FastBindLdapAuthenticationHandler. Is there a way to set that on the CredentialsToLDAPAttributePrincipalResolver?

Below is a chunk of my log when I do not use the Global Catalog.


2011-09-12 12:04:47,063 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://chekov:10000/cgi-bin/WebObjects/WOYFUJava.woa/wa/TemporaryDirectAction/casLogin>
2011-09-12 12:04:47,063 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://chekov:10000/cgi-bin/WebObjects/WOYFUJava.woa/wa/TemporaryDirectAction/casLogin>
2011-09-12 12:04:54,652 DEBUG [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - <Performing LDAP bind with credential: sim...@YFUUSA.Local>
2011-09-12 12:04:54,652 DEBUG [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - <Performing LDAP bind with credential: sim...@YFUUSA.Local>
2011-09-12 12:04:54,652 DEBUG [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - <Performing LDAP bind with credential: sim...@YFUUSA.Local>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,657 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson. Trying LDAP resolve now...>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson. Trying LDAP resolve now...>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson. Trying LDAP resolve now...>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <LDAP search with filter "(sAMAccountName=simpson)">
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <LDAP search with filter "(sAMAccountName=simpson)">
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <LDAP search with filter "(sAMAccountName=simpson)">
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <returning searchcontrols: scope=2; search base=; attributes=[sAMAccountName]; timeout=1000>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <returning searchcontrols: scope=2; search base=; attributes=[sAMAccountName]; timeout=1000>
2011-09-12 12:04:54,659 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <returning searchcontrols: scope=2; search base=; attributes=[sAMAccountName]; timeout=1000>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson to simpson>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson to simpson>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Resolved simpson to simpson>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,668 DEBUG [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] - <Creating SimplePrincipal for [simpson]>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Created seed map='{username=[simpson]}' for uid='simpson'>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Created seed map='{username=[simpson]}' for uid='simpson'>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Created seed map='{username=[simpson]}' for uid='simpson'>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Adding attribute 'sAMAccountName' with value '[simpson]' to query builder 'null'>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Adding attribute 'sAMAccountName' with value '[simpson]' to query builder 'null'>
2011-09-12 12:04:54,668 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Adding attribute 'sAMAccountName' with value '[simpson]' to query builder 'null'>
2011-09-12 12:04:54,672 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Generated query builder '(sAMAccountName=simpson)' from query Map {username=[simpson]}.>
2011-09-12 12:04:54,672 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Generated query builder '(sAMAccountName=simpson)' from query Map {username=[simpson]}.>
2011-09-12 12:04:54,672 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - <Generated query builder '(sAMAccountName=simpson)' from query Map {username=[simpson]}.>
2011-09-12 12:04:54,724 WARN [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Recovering From Exception thrown by 'org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao@45263910'>
org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:205)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:571)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:556)
at org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao.getPeopleForQuery(LdapPersonAttributeDao.java:187)
at org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao.getPeopleForQuery(LdapPersonAttributeDao.java:98)
at org.jasig.services.persondir.support.AbstractQueryPersonAttributeDao.getPeopleWithMultivaluedAttributes(AbstractQueryPersonAttributeDao.java:192)
at org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl.getAttributesFromDao(MergingPersonAttributeDaoImpl.java:40)
at org.jasig.services.persondir.support.AbstractAggregatingDefaultQueryPersonAttributeDao.getPeopleWithMultivaluedAttributes(AbstractAggregatingDefaultQueryPersonAttributeDao.java:124)
at org.jasig.services.persondir.support.AbstractDefaultAttributePersonAttributeDao.getPerson(AbstractDefaultAttributePersonAttributeDao.java:63)
at org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver.resolvePrincipal_aroundBody0(AbstractPersonDirectoryCredentialsToPrincipalResolver.java:55)
at org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver.resolvePrincipal_aroundBody1$advice(AbstractPersonDirectoryCredentialsToPrincipalResolver.java:44)
at org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver.resolvePrincipal(AbstractPersonDirectoryCredentialsToPrincipalResolver.java:1)
at org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager.authenticateAndObtainPrincipal(LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager.java:47)
at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody0(AbstractAuthenticationManager.java:41)
at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody1$advice(AbstractAuthenticationManager.java:44)
at org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy63.authenticate(Unknown Source)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody10(CentralAuthenticationServiceImpl.java:413)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:44)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)
at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53)
at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy64.createTicketGrantingTicket(Unknown Source)
at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody2(AuthenticationViaFormAction.java:95)
at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody3$advice(AuthenticationViaFormAction.java:44)
at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:830)
at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1253)
at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68)
at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1329)
at ognl.ASTMethod.getValueBody(ASTMethod.java:90)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.ASTChain.getValueBody(ASTChain.java:141)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:75)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:391)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:386)
at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:254)
at org.springframework.webflow.engine.ViewState.resume(ViewState.java:218)
at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:279)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2846)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
... 145 more
2011-09-12 12:04:54,724 WARN [org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] - <Recovering From Exception thrown by 'org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao@45263910'>


Michael Ströder

Sep 13, 2011, 7:25:43 AM
to cas-...@lists.jasig.org
Jeffrey Simpson wrote:
> I did some more digging and noticed that I was using the AD Global Catalog.
> This got rid of the org.springframework.ldap.PartialResultException I was
> getting earlier but the AD global catalog does not have all of the
> attributes.

You can also extend the attributes in the global catalog if you're allowed to
do that in your AD configuration.

Ciao, Michael.

Jeffrey Simpson

Sep 14, 2011, 9:53:48 AM
to cas-...@lists.jasig.org
SOLVED sorta

So the original problem was caused by me using Active Directory's Global Catalog to get around the PartialResultException that AD is known to throw. For those of you not deep into the intricacies of AD, if you connect to LDAP using port 3268, not 389, you get the Global Catalog. The Global Catalog is nice since it has information from all of the AD domain, including sub domains. The thing is, not all attributes are synced to the Global Catalog. There is a way of telling AD what attributes to sync. The link below has information on that. So I had AD sync my extended attributes to the Global Catalog and all is happy.


http://technet.microsoft.com/en-us/library/cc758130%28WS.10%29.aspx


Marvin Addison

Sep 14, 2011, 9:59:19 AM
to cas-...@lists.jasig.org
> So the original problem was caused by me using Active Directory's Global Catalog to get around the PartialResultException that AD is known to throw.

Makes total sense now. Your custom attribute wasn't in the GC, so of
course it wasn't being returned by CAS attribute queries. Glad you
got it working.

M
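
Added example, not part of the thread and not CAS or Person Directory code: a small Python check for the failure mode resolved above. It reads a deployerConfigContext.xml, finds LdapPersonAttributeDao beans whose context source points at a Global Catalog port, and reports mapped attributes that a schema export does not flag with isMemberOfPartialAttributeSet. The sample config, host name, base DN and LDIF are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"b": "http://www.springframework.org/schema/beans"}
GC_PORTS = {3268, 3269}  # 3268 is the GC port named in the thread; 3269 is GC over SSL

# Constructed sample: the thread's config cut down to the two relevant beans,
# with a placeholder host name and base DN.
SAMPLE_CONFIG = """
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://dc1.example.local:3268/DC=EXAMPLE,DC=Local" />
  </bean>
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource" />
    <property name="resultAttributeMapping">
      <map>
        <entry key="cn" value="Name" />
        <entry key="userPrincipalName" value="userPrincipalName" />
        <entry key="securityQuestion" value="securityQuestion" />
      </map>
    </property>
  </bean>
</beans>
"""

# Constructed sample of a schema export (attributeSchema entries). The flag is
# absent (or FALSE) when an attribute is not replicated to the Global Catalog.
SAMPLE_SCHEMA_LDIF = """
dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=Local
lDAPDisplayName: cn
isMemberOfPartialAttributeSet: TRUE

dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=Local
lDAPDisplayName: userPrincipalName
isMemberOfPartialAttributeSet: TRUE

dn: CN=securityQuestion,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=Local
lDAPDisplayName: securityQuestion
"""


def parse_schema_ldif(text):
    """Map lower-cased lDAPDisplayName -> True if the attribute is in the GC set."""
    pas = {}
    name, in_pas = None, False
    for line in text.splitlines() + [""]:      # trailing "" flushes the last record
        if not line.strip():                   # a blank line ends an LDIF record
            if name:
                pas[name.lower()] = in_pas
            name, in_pas = None, False
            continue
        if line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "ldapdisplayname":
            name = value
        elif key == "ismemberofpartialattributeset":
            in_pas = value.upper() == "TRUE"
    return pas


def _prop(bean, name):
    return bean.find(f"b:property[@name='{name}']", NS)


def gc_context_sources(root):
    """Ids of beans whose 'url' property targets a Global Catalog port."""
    ids = set()
    for bean in root.findall("b:bean", NS):
        url = _prop(bean, "url")
        if url is not None and url.get("value"):
            if urlsplit(url.get("value")).port in GC_PORTS:
                ids.add(bean.get("id"))
    return ids


def attributes_missing_from_gc(config_xml, schema_ldif):
    """Return (bean id, LDAP attribute) pairs that the GC will not return."""
    root = ET.fromstring(config_xml.strip())
    pas = parse_schema_ldif(schema_ldif)
    gc_ids = gc_context_sources(root)
    findings = []
    for bean in root.findall("b:bean", NS):
        if not bean.get("class", "").endswith("LdapPersonAttributeDao"):
            continue
        ctx = _prop(bean, "contextSource")
        if ctx is None or ctx.get("ref") not in gc_ids:
            continue
        path = "b:property[@name='resultAttributeMapping']/b:map/b:entry"
        for entry in bean.findall(path, NS):
            ldap_name = entry.get("key")       # map key is the LDAP attribute name
            # LDAP attribute names are case-insensitive; an attribute that is
            # missing from the export is treated as not replicated.
            if not pas.get(ldap_name.lower(), False):
                findings.append((bean.get("id"), ldap_name))
    return findings


if __name__ == "__main__":
    for bean_id, attr in attributes_missing_from_gc(SAMPLE_CONFIG, SAMPLE_SCHEMA_LDIF):
        print(f"{bean_id}: '{attr}' is mapped but not replicated to the Global Catalog")
```
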
