CAS LDAP Search Subtree

I'm using the latest version of Jasig CAS server (4.0.0) with an LDAP server.

Users are stored under this LDAP structure: ou=Users,ou=SSOTEST,dc=mycompany,dc=com

What I want is to search for a user from a top level (example: ou=SSOTEST,dc=mycompany,dc=com).

CAS server has an LdapPersonAttributeDao bean which is looking for an object matching a search filter. Here is the code for this bean:

<bean id="ldapPersonAttributeDao"
      [...]>
    <property name="resultAttributeMapping">
        <map>
            <!-- Key is LDAP attribute name, value is principal attribute name. -->
            <entry key="memberOf" value="userMemberOf" />
            <entry key="cn" value="userCn" />
        </map>
    </property>
</bean>

And now the searchControls bean, which does a lookup at SUBTREE_SCOPE (2) level (according to SearchControls scope level values).

<bean id="searchControls"
      p:countLimit="10" />

When I run my CAS server and I try to authenticate, everything works but there are no extra attributes returned. I think the problem comes from searchScope, which doesn't seem to be set to the wanted value. Here is the output log from the server:

<execute request=[org.ldaptive.SearchRequest@-1312441815::baseDn=ou=SSOTEST,dc=mycompany,dc=com, searchFilter=[org.ldaptive.SearchFilter@-3391 91059::filter=uid={0}, parameters={0=myuser}], returnAttributes=[], searchScope=null, timeLimit=0, sizeLimit=10 [...]


  • I know it's been some time since this question was asked. But I managed to fix this problem by adding:

    <bean class="org.springframework.context.annotation.CommonAnnotationBeanPostProcessor" />

    to deployerConfigContext.xml.

    The cause of this issue was that the initialize method in LdapPersonAttributeDao was not being invoked because the @PostConstruct annotation wasn't being executed. For this reason the searchScope variable was never set.
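
The failure mode described in the answer can be reproduced outside CAS. The following is an added example, not code from the original post or from the CAS project: `ScopeHolder` and `scopeFrom` are hypothetical names, the value 2 is constructed to mirror SUBTREE_SCOPE, and it assumes Spring with `javax.annotation.PostConstruct` on the classpath (Spring 6 uses `jakarta.annotation` instead).

```java
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.annotation.CommonAnnotationBeanPostProcessor;

public class PostConstructDemo {

    /** Hypothetical stand-in for a DAO that derives its state in an init method. */
    public static class ScopeHolder {
        private final int configuredScope = 2; // constructed value, mirrors SUBTREE_SCOPE (2)
        private Integer searchScope;           // stays null until initialize() runs

        @PostConstruct
        public void initialize() {
            this.searchScope = configuredScope;
        }

        public Integer getSearchScope() {
            return searchScope;
        }
    }

    /** Builds a bean factory, optionally with the annotation post-processor, and reads the scope. */
    static Integer scopeFrom(boolean registerPostProcessor) {
        DefaultListableBeanFactory factory = new DefaultListableBeanFactory();
        if (registerPostProcessor) {
            // Programmatic equivalent of declaring the CommonAnnotationBeanPostProcessor bean in XML.
            CommonAnnotationBeanPostProcessor postProcessor = new CommonAnnotationBeanPostProcessor();
            postProcessor.setBeanFactory(factory);
            factory.addBeanPostProcessor(postProcessor);
        }
        factory.registerBeanDefinition("scopeHolder", new RootBeanDefinition(ScopeHolder.class));
        return factory.getBean(ScopeHolder.class).getSearchScope();
    }

    public static void main(String[] args) {
        // Without the post-processor the bean is created but @PostConstruct is silently ignored.
        System.out.println("without post-processor: searchScope=" + scopeFrom(false));
        // With it, initialize() runs after instantiation and the field is populated.
        System.out.println("with post-processor:    searchScope=" + scopeFrom(true));
    }
}
```

Because the container raises no error when the annotation goes unprocessed, a check on the request log (for example `searchScope=null` in the ldaptive SearchRequest shown in the question) is the practical way to notice that attribute resolution is misconfigured.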