Configuring BindLdapAuthenticationHandler with a custom XML element
Since version 1.6 the cas-addons XML schema has a custom element for configuring CAS' BindLdapAuthenticationHandler beans. As with the other cas-addons elements, it gives the bean configuration a domain-specific view and simplifies it by consolidating two bean definitions (LdapContextSource and BindLdapAuthenticationHandler) into one compact element with sensible default values.
A minimal bean definition that produces an instance of BindLdapAuthenticationHandler looks like this:
```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas
                           http://unicon.net/schema/cas/cas-addons.xsd">

  <cas:bind-ldap-authentication-handler id="ldapAuthnHandler"
      user-dn="user"
      password="pass"
      urls="ldaps://ldap1, ldaps://ldap2"
      filter="sAMAccountName=%u"
      search-base="OU=users"/>

</beans>
```
(Note: the id attribute is optional; is-pooled defaults to false; ignore-partial-result-exception defaults to true. The last setting matters mainly against Active Directory, which answers searches rooted at a domain with referrals that JNDI surfaces as a PartialResultException unless they are ignored or followed.)
A complete configuration with all attributes and LDAP environment properties (the ldap-prop entries are passed through to the JNDI environment of the underlying LdapContextSource) looks like this:
```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas
                           http://unicon.net/schema/cas/cas-addons.xsd">

  <cas:bind-ldap-authentication-handler id="ldapAuthnHandler"
      user-dn="user"
      password="pass"
      urls="ldaps://ldap1, ldaps://ldap2"
      filter="sAMAccountName=%u"
      search-base="OU=users"
      is-pooled="false"
      ignore-partial-result-exception="true">
    <cas:ldap-properties>
      <cas:ldap-prop key="com.sun.jndi.ldap.connect.timeout" value="3000"/>
      <cas:ldap-prop key="com.sun.jndi.ldap.read.timeout" value="3000"/>
      <cas:ldap-prop key="java.naming.security.authentication" value="simple"/>
      <cas:ldap-prop key="java.naming.referral" value="follow"/>
    </cas:ldap-properties>
  </cas:bind-ldap-authentication-handler>

</beans>
```
Version 1.10 adds the ability to expose the internally created LdapContextSource bean to the parent application context so that it can be injected into other beans that need it, for example an attribute repository that queries the same LDAP directory. This is done with the new expose-context-source-bean-as attribute, whose value becomes the bean name:
```xml
<cas:bind-ldap-authentication-handler id="ldapAuthnHandler"
    user-dn="user"
    password="pass"
    urls="ldaps://ldap1, ldaps://ldap2"
    filter="sAMAccountName=%u"
    search-base="OU=users"
    is-pooled="false"
    ignore-partial-result-exception="true"
    expose-context-source-bean-as="contextSource"/>
```
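To show what the exposed bean is for, here is an added example (not from the cas-addons page or project) that injects the `contextSource` registered by the element above into a person-directory LdapPersonAttributeDao, so authentication and attribute resolution share one server list, one bind account and one set of timeouts instead of duplicating them. The attribute-repository bean, its id `attributeRepository`, the base DN and the attribute names are assumptions; `org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao` is the person-directory class that ships with CAS 3.x.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas
                           http://unicon.net/schema/cas/cas-addons.xsd">

  <!-- Registers the internally created LdapContextSource as bean "contextSource". -->
  <cas:bind-ldap-authentication-handler id="ldapAuthnHandler"
      user-dn="user"
      password="pass"
      urls="ldaps://ldap1, ldaps://ldap2"
      filter="sAMAccountName=%u"
      search-base="OU=users"
      expose-context-source-bean-as="contextSource"/>

  <!-- Assumed attribute repository. Spring resolves the ref at instantiation
       time, so the order of the two definitions does not matter. -->
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource"/>
    <property name="baseDN" value="OU=users"/>
    <!-- Refuse to run a lookup unless every query attribute is present, which
         avoids an unfiltered search if the principal id were ever empty. -->
    <property name="requireAllQueryAttributes" value="true"/>
    <!-- person-directory's getPerson(uid) lookup arrives under the default
         query key "username"; map it onto the same directory attribute the
         authentication filter uses. -->
    <property name="queryAttributeMapping">
      <map>
        <entry key="username" value="sAMAccountName"/>
      </map>
    </property>
    <!-- directory attribute -> attribute name released to CAS-protected services -->
    <property name="resultAttributeMapping">
      <map>
        <entry key="mail" value="email"/>
        <entry key="memberOf" value="groups"/>
      </map>
    </property>
  </bean>

</beans>
```

Because the attribute repository reuses the handler's context source, it also inherits the handler's bind account; that account therefore needs read access to every attribute listed in resultAttributeMapping, and nothing more.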