2

我正在使用最新版本的 Jasig CAS 服务器 (4.0.0) 和 LDAP 服务器。

用户存储在此 LDAP 结构下:ou=Users,ou=SSOTEST,dc=mycompany,dc=com

我想要的是从顶层搜索用户(例如:)ou=SSOTEST,dc=mycompany,dc=com

CAS 服务器有一个LdapPersonAttributeDaobean,它正在寻找与搜索过滤器匹配的对象。这是这个 bean 的代码:

<bean id="ldapPersonAttributeDao"
      class="org.jasig.cas.persondir.LdapPersonAttributeDao"
      p:connectionFactory-ref="searchPooledLdapConnectionFactory"
      p:baseDN="ou=SSOTEST,dc=company,dc=com"
      p:searchControls-ref="searchControls"
      p:searchFilter="uid={0}">
    <property name="resultAttributeMapping">
        <map>
            <!--
               | Key is LDAP attribute name, value is principal attribute name.
               -->
            <entry key="memberOf" value="userMemberOf" />
            <entry key="cn" value="userCn" />
        </map>
    </property>
</bean>

现在是在(2) 级别(根据范围级别值)searchControls进行查找的 bean 。SUBTREE_SCOPESearchControls

<bean id="searchControls"
      class="javax.naming.directory.SearchControls"
      p:searchScope="2"
      p:countLimit="10" />

当我运行我的 CAS 服务器并尝试进行身份验证时,一切正常,但没有返回额外的属性。我认为问题来自searchScope,它似乎没有设置为想要的值。这是服务器的输出日志:

<execute request=[org.ldaptive.SearchRequest@-1312441815::baseDn=ou=SSOTEST,dc=mycompany,dc=com, searchFilter=[org.ldaptive.SearchFilter@-3391 91059::filter=uid={0}, parameters={0=myuser}], returnAttributes=[], searchScope=null, timeLimit=0, sizeLimit=10 [...]

4

1 回答 1

3

I know its been some time since this question was asked. But I managed to fix this problem by adding:

<bean class="org.springframework.context.annotation.CommonAnnotationBeanPostProcessor" />

to deployerConfigContext.xml.

The cause of this issue was that the initalize method in LdapPersonAttributeDao was not being invoked because the @PostConstruct annotation wasn't being executed. For this reason the searchScope variable was never set.

于 2015-01-21T23:51:32.433 回答