LDAP

Active Directory / LDAP for Satellite 6

Servers should be:
dcg5.grove.ad.uconn.edu
dcg2.grove.ad.uconn.edu
dcg1.grove.ad.uconn.edu

Ports:
LDAPS = 636
LDAP = 389
Use 636 (and tick LDAPS on the Satellite auth source): over plain 389 the service account's bind password and every user lookup cross the network in cleartext.

Account username for AD (the full bind DN of the service account):
CN=satellite.ldap.svc,OU=Accounts,OU=Satellite,OU=Services,OU=SSG,OU=UConn,DC=grove,DC=ad,DC=uconn,DC=edu

Password for satellite.ldap.svc

Base DN:
DC=grove,DC=ad,DC=uconn,DC=edu

Groups base DN:  OU=Groups,OU=Satellite,OU=Services,OU=SSG,OU=UConn,DC=grove,DC=ad,DC=uconn,DC=edu

LDAP filter: (objectClass=User)
Note that in AD computer objects are also objectClass=user (the match is case-insensitive, so User/user makes no difference); (&(objectClass=user)(objectCategory=person)) restricts logins to people accounts.

Satellite needed the following box checked:
“LDAP users will have their Satellite 6 account automatically created the first time they log into Satellite 6”.
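The following is an added example (not part of the original notes, Satellite or CAS) that checks the values above for consistency offline and prints the ldapsearch command a practitioner would run against each domain controller to prove the bind DN, base DN and filter work over LDAPS before touching the Satellite UI. The DN handling is a simplified RFC 4514 split (backslash escapes, no multi-valued RDNs), the tighter PERSON_FILTER is a suggestion rather than something the notes use, and the ldapsearch flags are the OpenLDAP client's.

```python
"""Offline sanity checks for the Satellite 6 LDAP auth source, plus the
ldapsearch invocation used to verify the bind against each domain controller.
Added example, not part of the original notes; stdlib only."""

import shlex

# Values copied from the notes above.
SERVERS = ("dcg5.grove.ad.uconn.edu", "dcg2.grove.ad.uconn.edu", "dcg1.grove.ad.uconn.edu")
LDAPS_PORT = 636
BIND_DN = ("CN=satellite.ldap.svc,OU=Accounts,OU=Satellite,OU=Services,"
           "OU=SSG,OU=UConn,DC=grove,DC=ad,DC=uconn,DC=edu")
BASE_DN = "DC=grove,DC=ad,DC=uconn,DC=edu"
GROUPS_DN = "OU=Groups,OU=Satellite,OU=Services,OU=SSG,OU=UConn,DC=grove,DC=ad,DC=uconn,DC=edu"
LDAP_FILTER = "(objectClass=User)"
# Tighter filter (suggestion, not from the notes): in AD computer objects are
# also objectClass=user; objectCategory=person keeps the search to people.
PERSON_FILTER = "(&(objectClass=user)(objectCategory=person))"


def parse_dn(dn):
    """Split a DN into RDN strings on unescaped commas (simplified RFC 4514:
    handles backslash escapes, not multi-valued RDNs)."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return rdns


def normalize_rdn(rdn):
    """AD DN matching is case-insensitive, so compare a lower-cased type=value."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"


def is_under(dn, base):
    """True when dn is strictly below base in the tree."""
    d = [normalize_rdn(r) for r in parse_dn(dn)]
    b = [normalize_rdn(r) for r in parse_dn(base)]
    return len(d) > len(b) and d[-len(b):] == b


def filter_is_balanced(ldap_filter):
    """Cheap RFC 4515 check: parentheses balance and the filter is wrapped."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and ldap_filter.startswith("(") and ldap_filter.endswith(")")


def check_config(bind_dn=BIND_DN, base_dn=BASE_DN, groups_dn=GROUPS_DN, ldap_filter=LDAP_FILTER):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not is_under(bind_dn, base_dn):
        problems.append("bind DN is not below the base DN")
    if not is_under(groups_dn, base_dn):
        problems.append("groups base DN is not below the base DN")
    if not filter_is_balanced(ldap_filter):
        problems.append(f"filter is malformed: {ldap_filter}")
    return problems


def ldapsearch_cmd(server, bind_dn=BIND_DN, base_dn=BASE_DN, ldap_filter=LDAP_FILTER,
                   attrs=("sAMAccountName",), port=LDAPS_PORT):
    """argv for an OpenLDAP ldapsearch that exercises bind, base and filter over
    LDAPS. -W prompts for the password so it never lands on the command line or
    in shell history; -z 5 keeps the test query small."""
    return ["ldapsearch", "-x", "-LLL", "-H", f"ldaps://{server}:{port}",
            "-D", bind_dn, "-W", "-b", base_dn, "-s", "sub", "-z", "5",
            ldap_filter, *attrs]


if __name__ == "__main__":
    for problem in check_config():
        print("config problem:", problem)
    for server in SERVERS:
        print(shlex.join(ldapsearch_cmd(server)))
```

The printed commands only succeed over LDAPS if the OpenLDAP client trusts the AD certificate chain (TLS_CACERT in ldap.conf); a certificate error at this step is the same failure Satellite will hit, so fix it here first.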

External Mapping of LDAP attributes in CAS

One of the attractive features of CAS is its ability to pass LDAP attributes to a specified application via SAML. Our web developers are making heavier use of this, creating demand for more and more attributes to be mapped. An issue arose from this: because the mapping lived in deployerConfigContext.xml inside the deployed WAR, CAS had to be rebuilt every time a new attribute was to be mapped. The solution was to externalize the resultAttributeMapping property to a configuration file, which can be done with Spring's util schema.

Add the schema to deployerConfigContext.xml:

xmlns:util="http://www.springframework.org/schema/util"

Append the following to schemaLocation:

http://www.springframework.org/schema/util

http://www.springframework.org/schema/util/spring-util-3.0.xsd

The resultAttributeMapping property (in deployerConfigContext) will look like this:

<property name="resultAttributeMapping">
<util:properties id="attr" location="file:/etc/cas/ldap.attributes" />
</property>

Because the whole file is loaded as the map, the attributes file cannot contain any other property configuration. It is a collection of key=value entries, one per line: the key is the attribute name as returned by LDAP and the value is the name under which the application receives it. The file is read when CAS starts, so adding an attribute now needs a restart rather than a rebuild. Here is an example ldap.attributes property file:

cn=cn
uid=ssoid
givenname=givenName
mail=email
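As an added example (not CAS code), the script below loads a copy of the file above and applies it to a constructed directory entry the way resultAttributeMapping is used: mapped attributes come out under their released names, everything else is withheld. It accepts only the subset of the Java Properties format the file needs (blank lines, # or ! comments, key=value with : also allowed as separator; no continuation lines) and rejects anything that is not an LDAP attribute name, which is how a stray bean definition or second property in this file would be caught.

```python
"""Load a CAS ldap.attributes file (the key=value form described above) and
apply it to one directory entry the way resultAttributeMapping does: only the
mapped attributes are released, under their mapped names. Added example, not
CAS code; stdlib only."""

import re

# Constructed copy of the example file from the notes, with a comment line
# added to show that java.util.Properties comment syntax is accepted.
LDAP_ATTRIBUTES_FILE = """\
# LDAP attribute name = name released to the application
cn=cn
uid=ssoid
givenname=givenName
mail=email
"""

# Constructed directory entry; memberOf is present to show that unmapped
# attributes are withheld.
SAMPLE_ENTRY = {
    "cn": ["Jane Doe"],
    "uid": ["jdoe"],
    "givenName": ["Jane"],
    "mail": ["jane.doe@example.edu"],
    "memberOf": ["CN=web-devs,OU=Groups,DC=example,DC=edu"],
}

# LDAP attribute descriptor (RFC 4512 keystring): letter, then letters/digits/hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def parse_attribute_mapping(text):
    """Parse the subset of the Properties format the file uses: blank lines and
    '#'/'!' comments are skipped, each remaining line is key=value (':' also
    accepted as separator). Anything else is rejected, since the whole file
    becomes the mapping and has nowhere to put other configuration."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        positions = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not positions:
            raise ValueError(f"line {lineno}: expected key=value, got {raw!r}")
        sep = min(positions)
        key, value = line[:sep].strip(), line[sep + 1:].strip()
        if not ATTR_NAME.match(key):
            raise ValueError(f"line {lineno}: {key!r} is not an LDAP attribute name")
        if not value:
            raise ValueError(f"line {lineno}: no released name for {key!r}")
        if key.lower() in (k.lower() for k in mapping):
            raise ValueError(f"line {lineno}: {key!r} mapped twice")
        mapping[key] = value
    return mapping


def release_attributes(entry, mapping):
    """Rename the entry's attributes per the mapping. LDAP attribute types are
    case-insensitive (RFC 4512), so 'givenname' in the file matches the
    directory's 'givenName'. Attributes absent from the mapping are dropped."""
    by_lower = {name.lower(): values for name, values in entry.items()}
    released = {}
    for ldap_attr, released_name in mapping.items():
        values = by_lower.get(ldap_attr.lower())
        if values:
            released[released_name] = list(values)
    return released


if __name__ == "__main__":
    mapping = parse_attribute_mapping(LDAP_ATTRIBUTES_FILE)
    for name, values in release_attributes(SAMPLE_ENTRY, mapping).items():
        print(f"{name}: {values}")
```

Run it against a candidate ldap.attributes before restarting CAS: a ValueError points at the offending line, which is cheaper than finding out from a failed context start.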