Ivan Green

Reputation: 11

CAS 5.2.3 & LDAP Attribute

I have CAS 5.2.3 and an LDAP connection.

LDAP has 1 domain and 2 OUs (ou=groups, ou=people). Each group has a cn with the group name. Each such group contains several members, where the username from ou=people is specified.

Initially (during authentication) the user is connected to ou=people. Next, we need to get a list of its groups (one user can be in many groups) from ou=groups.

My task is to get the groups of the user when it is authenticated in order to update them.

I need to pass the user (for example: "cn=MOrlova, ou=people, dc=domain, dc=ru") and get all the group names of which this user is a member (preferably in a String[]). The data structure is like this.

LDAP EXAMPLE: (screenshot of the directory tree, not reproduced here)

I do not understand what settings I need to make in CAS to connect. I found these in the CAS description:

cas.authn.attributeRepository.ldap[2].ldapUrl=ldap://localhost:9080
cas.authn.attributeRepository.ldap[2].useSsl=false
cas.authn.attributeRepository.ldap[2].useStartTls=false
cas.authn.attributeRepository.ldap[2].connectTimeout=5000
cas.authn.attributeRepository.ldap[2].bindDn=cn=Manager,dc=domain,dc=ru
cas.authn.attributeRepository.ldap[2].bindCredential=Manager1
# The filter as originally posted, (&(member=cn{user}), had unbalanced parentheses; closed here
cas.authn.attributeRepository.ldap[2].userFilter=(&(member=cn{user}))
cas.authn.attributeRepository.ldap[2].subtreeSearch=true
cas.authn.attributeRepository.ldap[2].dnFormat=cn=%s,ou=groups,dc=domain,dc=ru

Even if it works, how can I then collect the response into a list of Strings and get them in a regular Java class?

Upvotes: 0

Views: 198

Answers (1)

Ivan Green

Reputation: 11

Unfortunately, with this data structure, you won't be able to collect attributes.

But there is a solution. You can create a file named spring.factories in src/main/resources/META-INF/ and specify there (the value must be the fully qualified class name):

    org.springframework.boot.autoconfigure.EnableAutoConfiguration=ru.security.core.cas.config.CasConfiguration

Create the package src/main/java/ru/security/core/cas/config and create the CasConfiguration class there.

You need annotations:

    @Configuration("MyConfiguration")
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    @ComponentScan("ru.security.core.cas") // This is not necessary, but if you have other Spring components, it will definitely help.

Next, you will have access to CasConfigurationProperties. In the CasConfiguration class we add:

    import org.apereo.cas.configuration.CasConfigurationProperties;
    import org.apereo.cas.util.LdapUtils;
    import org.ldaptive.ConnectionFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;

    // Inside the CasConfiguration class described above
    @Autowired
    private CasConfigurationProperties casConfigurationProperties;

    // Pooled ldaptive connection factory built from the cas.authn.ldap[0].* properties
    @Bean
    public ConnectionFactory supportConnectionFactory() {
        return LdapUtils.newLdaptivePooledConnectionFactory(
                casConfigurationProperties.getAuthn().getLdap().get(0));
    }

Thus, we get a connection to our LDAP. Next, we need to send a request to LDAP, and we can do it like this:

    // BASE_DN and LDAP_FILTER are the search base and filter (their definitions are not shown here)
    Response<SearchResult> response = null;
    try {
        response = LdapUtils.executeSearchOperation(connectionFactory, BASE_DN, LDAP_FILTER);
    } catch (LdapException e) {
        // Swallowing the exception leaves response null, so callers must check for that
        e.printStackTrace();
    }

Upvotes: 1
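To show how the search from the answer can be turned into the String[] of group names the question asks for, here is an added example that is not part of the original post. It assumes CAS 5.2's org.apereo.cas.util.LdapUtils (executeSearchOperation and containsResultEntry) and the ldaptive 1.x classes that CAS 5.2.3 ships with; the class name GroupLookup, the method name groupNamesFor and the base DN ou=groups,dc=domain,dc=ru (taken from the question's directory layout) are assumptions. The user DN is bound into the filter through SearchFilter.setParameter rather than string concatenation, so a DN containing filter metacharacters is escaped instead of changing the query.

```java
import java.util.ArrayList;
import java.util.List;

import org.apereo.cas.util.LdapUtils;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.LdapException;
import org.ldaptive.Response;
import org.ldaptive.SearchFilter;
import org.ldaptive.SearchResult;

/**
 * Finds the groups under ou=groups whose "member" attribute contains the
 * authenticated user's DN and returns their cn values.
 * Assumes CAS 5.2 LdapUtils and ldaptive 1.x (hypothetical helper, not CAS code).
 */
public class GroupLookup {

    // Base DN of the groups branch from the question's directory layout (assumed)
    private static final String GROUPS_BASE_DN = "ou=groups,dc=domain,dc=ru";

    // {user} is filled in by SearchFilter.setParameter, which escapes the value
    // per RFC 4515, so user-controlled input cannot alter the filter structure
    private static final String MEMBER_FILTER = "(member={user})";

    private final ConnectionFactory connectionFactory;

    public GroupLookup(final ConnectionFactory connectionFactory) {
        this.connectionFactory = connectionFactory;
    }

    /**
     * @param userDn full DN of the user, e.g. "cn=MOrlova,ou=people,dc=domain,dc=ru"
     * @return cn of every group the user is a member of; empty array if none
     */
    public String[] groupNamesFor(final String userDn) throws LdapException {
        final SearchFilter filter = new SearchFilter(MEMBER_FILTER);
        filter.setParameter("user", userDn);

        final Response<SearchResult> response =
                LdapUtils.executeSearchOperation(connectionFactory, GROUPS_BASE_DN, filter);

        // No matching group entries: return an empty array rather than null
        if (!LdapUtils.containsResultEntry(response)) {
            return new String[0];
        }

        final List<String> names = new ArrayList<>();
        for (final LdapEntry entry : response.getResult().getEntries()) {
            final LdapAttribute cn = entry.getAttribute("cn");
            if (cn != null) {
                names.add(cn.getStringValue());
            }
        }
        return names.toArray(new String[0]);
    }
}
```

Wire it up by passing the supportConnectionFactory bean from the answer into the constructor and calling groupNamesFor with the user's DN; the match only works when the member attribute of each group stores full DNs, as in the question's example. Because this searches ou=groups directly with the user's DN, it does not depend on the user entry carrying a memberOf attribute, which is the limitation the answer points out.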
