Month: October 2012

External Mapping of LDAP attributes in CAS

One of the features that is attractive about CAS is it’s ability to pass LDAP attributes to a specified application via SAML. This functionality is starting to become more heavily used by our web developers, creating demand for more and more attributes to mapped. An issue arose from this; CAS must be rebuilt every time a new attribute is to be mapped. The solution was to externalize the resultAttributeMapping property to a configuration file. This can be achieved through the use of the util schema.

Add the schema to deployerConfigContext.xml:

xmlns:util="http://www.springframework.org/schema/util"

Append the following to schemaLocation:

http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd

The resultAttributeMapping property (in deployerConfigContext) will look like this:

<property name="resultAttributeMapping">
<util:properties id="attr" location="file:/etc/cas/ldap.attributes" />
</property>

Your attributes file cannot contain other property configurations, due to how the file is referenced.  It is a collection that follows the form: key=value, with each entry placed on its own line.  Here is an example ldap.attributes property file:

cn=cn
uid=ssoid
givenname=givenName
mail=email

External Mapping of LDAP attributes in CAS

One of the features that is attractive about CAS is it’s ability to pass LDAP attributes to a specified application via SAML. This functionality is starting to become more heavily used by our web developers, creating demand for more and more attributes to mapped. An issue arose from this; CAS must be rebuilt every time a new attribute is to be mapped. The solution was to externalize the resultAttributeMapping property to a configuration file. This can be achieved through the use of the util schema.

Add the schema to deployerConfigContext.xml:

xmlns:util="http://www.springframework.org/schema/util"

Append the following to schemaLocation:

http://www.springframework.org/schema/util

http://www.springframework.org/schema/util/spring-util-3.0.xsd

The resultAttributeMapping property (in deployerConfigContext) will look like this:

<property name="resultAttributeMapping">
<util:properties id="attr" location="file:/etc/cas/ldap.attributes" />
</property>

Your attributes file cannot contain other property configurations, due to how the file is referenced.  It is a collection that follows the form: key=value, with each entry placed on its own line.  Here is an example ldap.attributes property file:

cn=cn
uid=ssoid
givenname=givenName
mail=email

OpenLDAP: Bootstrapping a minimal cn=config

Here is how to bootstrap OpenLDAP’s slapd with an absolutely minimal configuration, without needing an intermediate slapd.conf, with one feature — the local root user (uid=0/gid=0) has “manage” access.  From this point, ldapmodify can be used via ldapi to continue making configuration changes.  This is a good way to start a new server configuration.

Bootstrap:

$> echo 'dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: to dn.subtree="cn=config" by dn=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * none
' | slapadd -n0 -F slapd.d

Start slapd:

#> slapd -F slapd.d -h ldapi://foo

Make changes via ldapmodify:

#> ldapmodify -Y EXTERNAL -H ldapi://foo ...