CAS 4 - How to retrieve LDAP attributes, and getting the error 'PersonDirectoryPrincipalResolver failed to resolve principal'?

Time: 2016-05-18 22:49:05

Tags: authentication attributes ldap cas

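Long story short, I use CAS 4.0 to connect to an LDAP server. When I test with mock data, I can successfully authenticate the uid/password against the LDAP server and retrieve data from StubPersonAttributeDao. Then I changed it to get the data from the LDAP server, and authentication fails with the error PersonDirectoryPrincipalResolver failed to resolve principal. Can anyone help? The detailed story follows: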

I added attributeRepository to deployerConfigContext.xml to use mock data, as follows:

<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
            p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 
        <entry key="groupMembership" value="groupMembership" />
    </util:map>

When I run the code, I can successfully retrieve the mock attributes eduPersonAffiliation and groupMembership when serviceValidate is called.

Then I tried to retrieve data from the LDAP server into CAS, so I changed attributeRepository as follows:

 <bean id="attributeRepository" 
          class="org.jasig.cas.persondir.LdapPersonAttributeDao" 
          p:baseDN="dc=example,dc=com" 
          p:searchFilter="uid={0}" 
          p:searchControls-ref="searchControls" 
          p:connectionFactory-ref="connectionFactory" 
          p:resultAttributeMapping-ref="resultAttributeMap" 
          /> 

     <util:map id="resultAttributeMap"> 
       <entry key="uid" value="uid" /> 
       <entry key="mail" value="mail" /> 
       <entry key="cn" value="cn" /> 
     </util:map> 

     <bean id="searchControls" 
           class="javax.naming.directory.SearchControls" 
           p:searchScope="2" 
      /> 

I have ldapAuthenticationHandler as follows:

<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="uid"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <entry key="uid" value="uid" />
            <entry key="mail" value="mail" />
            <entry key="cn" value="cn" />
        </map>
    </property>
</bean>

But I get the following error; it first authenticates successfully, then raises an error that makes the authentication fail:

2016-05-18 15:02:44,979 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated newton+password
2016-05-18 15:02:44,985 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@35ab1a4c failed to resolve principal from newton+password
java.lang.IllegalStateException: Connection is not open
    at org.ldaptive.DefaultConnectionFactory$DefaultConnection.getProviderConnection(DefaultConnectionFactory.java:272)

Does anyone know how to fix it?

1 answer:

Answer 0 (score: 0)

Your LDAP authn handler is able to retrieve attributes without a principal repository. See http://apereo.github.io/cas/4.2.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler
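
One way to wire what the answer describes, as an added example that is not part of the original question or answer. It assumes the stock CAS 4.0 deployerConfigContext.xml layout, in which the authenticationManager bean takes a map of handler to principal resolver; the resolver bean name primaryPrincipalResolver is an assumption taken from that default file.

```xml
<!-- Added example (not from the original post); assumes the default CAS 4.0 bean layout. -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!-- Before (assumed default wiring): after the handler succeeds, the
                 resolver queries attributeRepository a second time, which is where
                 "failed to resolve principal" is logged in the question:
                 <entry key-ref="ldapAuthenticationHandler"
                        value-ref="primaryPrincipalResolver" />
            -->
            <!-- After: no resolver for this handler, so the principal built by
                 ldapAuthenticationHandler (uid, mail, cn from its
                 principalAttributeMap) is used as-is. -->
            <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
        </map>
    </constructor-arg>
</bean>
```

With this wiring, the only attributes on the principal are the ones listed in the handler's principalAttributeMap, so that map is the place to review what can be released to services.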