We are using Cas-Toolbox for our intranet.
We manage to get LDAP attributes via CAS and send them to the intranet app:
<bean id="adAttribRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
  <property name="baseDN" value="DC=main,DC=cobaltgroup,DC=com"/>
  <property name="queryTemplate" value="{0}"/>
  <property name="contextSource" ref="contextSource"/>
  <property name="ignorePartialResultException" value="yes"/>
  <property name="usernameAttributeProvider">
    <bean class="org.jasig.services.persondir.support.SimpleUsernameAttributeProvider">
      <constructor-arg value="sAMAccountName"/>
    </bean>
  </property>
  <property name="resultAttributeMapping">
    <map>
      <!-- Mapping between the LDAP entry's attributes (key) and the Principal's (value) -->
      <entry key="cn" value="Name"/>
      <entry key="mail" value="Email"/>
    </map>
  </property>
</bean>
I want to know if it is possible to get the groups the user belongs to. I tried the AD attribute "memberOf", but it returns only the "first level" of group membership.
Example:
- User is in groupA
- groupA is in groupB
MemberOf returns only groupA.
I want to get groupA AND groupB.
With the following filter, it is easy with ldapsearch:
'(member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x))'
But I don't know how to make it work with CAS-Toolbox.
- Is there a way of creating a custom attribute mapping using an LDAP query?
- Is there a constructed AD attribute that already gives the right answer?
Thanks in advance for your help.
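
Added example, not part of the original post and not CAS-Toolbox code: it builds the in-chain filter quoted above with RFC 4515 escaping of the user DN, and models locally what that rule returns for the groupA/groupB case. The helper names, the group DNs and the extra groupB-in-groupA loop are constructed for illustration.

```python
from collections import deque

# OID taken from the filter in the post (AD's "matching rule in chain").
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# RFC 4515: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is safe as a value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def nested_groups_filter(user_dn):
    """Filter matching every group that contains user_dn directly or via nesting."""
    return "(member:%s:=%s)" % (IN_CHAIN_OID, escape_filter_value(user_dn))


def transitive_groups(user_dn, member_of):
    """Local model of what the in-chain rule computes.

    member_of maps a lowercased DN to its direct memberOf values. Lowercasing
    is a simplification of DN matching, good enough for this constructed data.
    """
    seen, ordered = set(), []
    queue = deque(member_of.get(user_dn.lower(), ()))
    while queue:
        group = queue.popleft()
        if group.lower() in seen:      # nesting loops must not hang the walk
            continue
        seen.add(group.lower())
        ordered.append(group)
        queue.extend(member_of.get(group.lower(), ()))
    return ordered


# Constructed sample directory: the post's user -> groupA -> groupB, plus a loop.
USER = "cn=user1,cn=users,DC=x"
GROUP_A = "cn=groupA,cn=users,DC=x"
GROUP_B = "cn=groupB,cn=users,DC=x"
SAMPLE_MEMBER_OF = {
    USER.lower(): [GROUP_A],
    GROUP_A.lower(): [GROUP_B],
    GROUP_B.lower(): [GROUP_A],
}

if __name__ == "__main__":
    print(nested_groups_filter(USER))
    print(transitive_groups(USER, SAMPLE_MEMBER_OF))
```

The escaping matters when the group list feeds authorization decisions: a DN containing `(`, `)`, `*` or `\` that is pasted into the filter unescaped changes which entries the search matches.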