CAS 4.2获取LDAP属性 [英] CAS 4.2 get LDAP attributes

问题描述

我正在使用以下配置成功获取LDAP属性值，并且可以在日志文件中看到这些值。

I am using the below configuration to successfully get LDAP attribute values and I could see those values in log file.

<bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"
              p:principalIdAttribute="sAMAccountName"
              c:authenticator-ref="authenticator">
            <property name="principalAttributeMap">
                <map>
                    <entry key="displayName" value="simpleName" />
                    <entry key="mail" value="email" />
                    <entry key="memberOf" value="membership" />
                </map>
            </property>
    </bean>

现在如何将这些属性发送给客户端？

Now how can I send these attributes to client?

这是我的deployerConfigContext.xml中的默认attributeRepository：

This is the default attributeRepository in my deployerConfigContext.xml:

<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

 <util:map id="attrRepoBackingMap">
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
    <entry>
        <key><value>memberOf</value></key>
        <list>
            <value>faculty</value>
            <value>staff</value>
            <value>org</value>
        </list>
    </entry>
</util:map>

是否可以用PrincipalAttributeMap填充attributeRepository？

Is there a way to populate attributeRepository with principalAttributeMap?

当我从deployerConfigContext.xml中删除attributeRepository时抛出异常。

Its throwing exception when I remove attributeRepository from deployerConfigContext.xml.

根据本文档 https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html ，LdapAuthenticationHandler是能够独立解析和检索主体属性，而无需额外的主体解析器机制。如果是这样，我们如何将这些属性返回给客户？

As per this document https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html, LdapAuthenticationHandler is capable of resolving and retrieving principal attributes independently without the need for extra principal resolver machinery. If so, how can we return those attributes to clients?

推荐答案

根据本文档 https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html ，

如果您确实决定让身份验证处理程序而不是单独的主体解析器来检索属性，则需要确保链接的解析器处于非活动状态：

If you do decide to let the authentication handler retrieve attributes instead of a separate principal resolver, you will need to ensure the linked resolver is made inactive:

<util:map id="authenticationHandlersResolvers">
   ...
   <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
</util:map>

进行此更改后，它开始工作。

After making this change, it started working.

这篇关于CAS 4.2获取LDAP属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！