CAS3.0.7 + LDAP configuration -- urgent help request!!

Richard Gundersen richardgundersen at hotmail.com
Mon Apr 28 15:12:22 EDT 2008


Hi Scott

That last bit was my own question tagged on at the end :-)

>>> There's documentation in the wiki on using PersonDirectory to load additional attributes. However, you'll either need to customize your CAS response payload or utilize SAML 1.1 to actually send that information to the clients. None of the CAS clients will currently automatically extract that information and use it to do things like isUserInRole.

Thanks for this info. I'll try it out in the morning when I am back in the office. All I need to do is load the Roles (from LDAP via a query I already have) and put them into the HTTP Session where my existing apps can get hold of them. I took the latest source from Subversion before I left for the day so I'll have a look at that and try and figure it out. I guess I'll need to write my own 'CustomPersonAttributeDaoImpl'.

The docs on this page (http://www.ja-sig.org/wiki/display/UPC/PersonDirectory) sound like what I need and this method sounds like what I need to use: 
public Map getUserAttributes(final String uid);

Does the returned Map of attributes get put into the session? Please let me know if I am on the wrong track.
Regards 

Richard 
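
An added example, not part of the original thread and not CAS or PersonDirectory code: one way a role lookup behind a method shaped like getUserAttributes(String uid) could query LDAP with plain JNDI, passing the uid as a filter argument so it is escaped rather than concatenated. The class name LdapRoleLookup, the posixGroup/memberUid group schema, the "roles" key and the LDAP_BIND_PW environment variable are assumptions.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
// Added illustration, not CAS or PersonDirectory code. The posixGroup/memberUid
// schema, the "roles" key and the class name are assumptions.
public class LdapRoleLookup {
    private final DirContext ctx;   // bound as a dedicated read-only account
    private final String groupBase; // e.g. "ou=groups,dc=example,dc=org" (constructed)
    public LdapRoleLookup(DirContext ctx, String groupBase) {
        this.ctx = ctx;
        this.groupBase = groupBase;
    }
    // Same shape as the getUserAttributes(String) signature quoted in the post.
    public Map<String, Object> getUserAttributes(final String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"}); // fetch only the role name
        // {0} is filled in by JNDI with filter metacharacters (* ( ) \) escaped,
        // so a uid such as "*)(cn=*" is matched literally and cannot alter the query.
        String filter = "(&(objectClass=posixGroup)(memberUid={0}))";
        List<String> roles = new ArrayList<String>();
        NamingEnumeration<SearchResult> results =
                ctx.search(groupBase, filter, new Object[] {uid}, sc);
        try {
            while (results.hasMore()) {
                Attribute cn = results.next().getAttributes().get("cn");
                if (cn != null) roles.add(String.valueOf(cn.get()));
            }
        } finally {
            results.close();
        }
        Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put("roles", roles);
        return attrs;
    }

    // Usage: LDAP_BIND_PW=... java LdapRoleLookup <ldaps-url> <bind-dn> <group-base> <uid>
    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "set LDAP_BIND_PW"));
        DirContext ctx = new InitialDirContext(env);
        System.out.println(new LdapRoleLookup(ctx, args[2]).getUserAttributes(args[3]));
        ctx.close();
    }
}
```
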


Date: Mon, 28 Apr 2008 14:14:03 -0400
From: scott.battaglia at gmail.com
To: cas at tp.its.yale.edu
Subject: Re: CAS3.0.7 + LDAP configuration -- urgent help request!!

On Mon, Apr 28, 2008 at 1:36 PM, Richard Gundersen <richardgundersen at hotmail.com> wrote:






Hi

I have been going through the same hell today so maybe I can try and answer a couple of your questions:

1. Can CAS 3.0.7 configure LDAP or I have to upgrade to the most recent version?

>> Probably. Try following this guide: http://www.ja-sig.org/wiki/display/CASUM/LDAP, it worked for me. 




2. If I want to configure CAS 3.0.7 to LDAP, I don't find porn.xml in webapps.
>> It's called pom.xml (not porn) and I think it's in a subdirectory under /META-INF 
That's actually incorrect (well not the part about it not being called porn ;-)).  CAS 3.0.7 doesn't use Maven2 and thus won't have a pom.xml.  In addition, you want to edit the pom.xml in the CAS_HOME/cas-server-webapp from the CAS 3.2.1 distribution.

 



3. where should I put the following code in deployerConfigContext.xml?

>> I think it's in Web.xml. If you follow that guide in (1) it explains what you need to change. There are quite a few options to change, but I found if I went through each one systematically, I eventually got the config right. It helps if you have some config from something else that connects to your LDAP server (some other app) that you can look at for the correct syntax (LDAP connection syntax can vary a bit depending on which LDAP server you are using). Also, have an LDAP browser handy so you can see your directory structure. That will also help.

deployerConfigContext.xml is its own file located in CAS_HOME/cas-server-webapp/WEB-INF





4. I don't understand the following piece code from ldap
 
     <property name="userName" value="{bind_username_goes_here}"/>
     <property name="password" value="{bind_user_password_goes_here}"/>


>> put your LDAP administrator username and password in there. So, whereas with MySQL you have root/mypassword, put in the corresponding values for LDAP instead. I can't remember if I kept the {} braces - they may not be required if you put the literal username/password in. Try with and without.



If you know how to populate roles etc into the session principal (either with MySQL or LDAP) please let me know :)
There's documentation in the wiki on using PersonDirectory to load additional attributes. However, you'll either need to customize your CAS response payload or utilize SAML 1.1 to actually send that information to the clients. None of the CAS clients will currently automatically extract that information and use it to do things like isUserInRole.


-Scott



Regards 

Richard 


> Date: Mon, 28 Apr 2008 10:59:43 -0500
> From: edwardc at wolfram.com
> To: cas at tp.its.yale.edu; cas-dev at tp.its.yale.edu
> Subject: CAS3.0.7 + LDAP configuration -- urgent help request!!
>
> First, I have my CAS 3.0.7 up and running for mysql server.
>
> I am using CAS 3.0.7. I plan to configure CAS 3.0.7 with LDAP. I have
> LDAP server.
> Now when I refer to page http://www.ja-sig.org/wiki/display/CASUM/LDAP
> to help me configure and I find something missing in my CAS 3.0.7. I
> have few questions
> 1. Can CAS 3.0.7 configure LDAP or I have to upgrade to the most recent
> version?
>
> 2. If I want to configure CAS 3.0.7 to LDAP, I don't find porn.xml in
> webapps. How do I add porn.xml portion into it? Can I just copy porn.xml
> file into my CAS 3.0.7's webapps folder? If not, where do I add the
> following piece
>
> <dependency>
>      <groupId>${project.groupId}</groupId>
>      <artifactId>cas-server-support-ldap</artifactId>
>      <version>${project.version}</version>
> </dependency>
>
> 3. Where should I put the following code in deployerConfigContext.xml? I
> attached my deployerConfigContext.xml for you to take a look if it's
> right I put that piece. Also, when I add the ldap part into
> deployerConfigContext.xml, do I need to comment out my mysql connection
> bean?
>
> 4. I don't understand the following piece code from ldap
>
> <property name="userName" value="{bind_username_goes_here}"/>
> <property name="password" value="{bind_user_password_goes_here}"/>
>
> Do I need to change anything above?
>
>
> Edward





-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
