LDAPConnector with springResources file
Youssef GHORBAL
youssef.ghorbal at pasteur.fr
Thu Apr 21 20:30:31 EDT 2016
Hello,
(IdP 3.2.1)
I’m trying to configure an LDAPConnector with a springResources file using the example provided here :
https://wiki.shibboleth.net/confluence/display/IDP30/LDAPConnector
The IdP reloads correctly (with no errors) but attribute resolution does not return any results.
What I see in the logs is :
2016-04-22 02:02:03,241 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (|(sAMAccountName=$requestContext.principalName)(userPrincipalName=$requestContext.principalName)) yields (|(sAMAccountName=$requestContext.principalName)(userPrincipalName=$requestContext.principalName))
While using the custom syntax everything is working and I get :
2016-04-22 02:17:29,398 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (|(sAMAccountName=$requestContext.principalName)(userPrincipalName=$requestContext.principalName)) yields (|(sAMAccountName=djo)(userPrincipalName=djo))
It seems like the filter templating is not kicking in.
Is there anything else to do other than creating the file and making the DataConnector look like :
<!--
  LDAP data connector whose wiring is taken from the external Spring file named in
  springResources (a file: URL under ${idp.home}) rather than from inline child elements.
  NOTE(review): the referenced file decides which directory is queried and how the bind
  is done; confirm it is writable only by the IdP administrator.
-->
<resolver:DataConnector id="ADPasteur"
xsi:type="dc:LDAPDirectory"
springResources="file:///${idp.home}/conf/resolver/ldap-attribute-resolver-config.xml"/>
Here’s the springResources file I’m using :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!--
  Spring wiring for the LDAP data connector that points at this file through springResources.
  Every value written as %{...} is a placeholder filled from IdP properties, so no host,
  DN or secret is stored in this file itself.
-->
<!-- each bean is set on LDAPDataConnector -->
<!-- Connection factory backed by a blocking pool of LDAP connections. -->
<bean class="org.ldaptive.pool.PooledConnectionFactory">
<property name="connectionPool">
<bean class="org.ldaptive.pool.BlockingConnectionPool" init-method="initialize" p:blockWaitTime="%{idp.attribute.resolver.LDAP.blockWaitTime}" p:name="attribute-resolver-pool">
<constructor-arg index="0">
<!-- Pool sizing and validation schedule, all property driven. -->
<bean class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="%{idp.pool.LDAP.minSize}"
p:maxPoolSize="%{idp.pool.LDAP.maxSize}"
p:validateOnCheckOut="%{idp.pool.LDAP.validateOnCheckout}"
p:validatePeriodically="%{idp.pool.LDAP.validatePeriodically}"
p:validatePeriod="%{idp.pool.LDAP.validatePeriod}" />
</constructor-arg>
<constructor-arg index="1">
<bean class="org.ldaptive.DefaultConnectionFactory">
<property name="connectionConfig">
<!--
  Transport settings. useSSL and useStartTLS are both property driven, and the bind
  configured below sends bindCredential over this connection.
  NOTE(review): nothing in this file enforces TLS; confirm that one of the two
  properties resolves to true in the deployed configuration.
-->
<bean class="org.ldaptive.ConnectionConfig" p:ldapUrl="%{idp.attribute.resolver.LDAP.ldapURL}"
p:connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
p:responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
p:useSSL="%{idp.attribute.resolver.LDAP.useSSL}"
p:useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS}">
<property name="connectionInitializer">
<!--
  Service-account bind applied to connections from this factory. The DN and password
  come from properties; the file defining bindDNCredential should be readable only by
  the IdP service account and kept out of version control.
-->
<bean class="org.ldaptive.BindConnectionInitializer"
p:bindDn="%{idp.attribute.resolver.LDAP.bindDN}"
p:bindCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}" />
</property>
<property name="sslConfig">
<!--
  SslConfig is created with no credential configuration or trust managers set here.
  NOTE(review): presumably certificate validation then relies on library/JVM defaults;
  confirm the directory's CA is trusted that way, and configure the trust material
  explicitly if it is not.
-->
<bean class="org.ldaptive.ssl.SslConfig"/>
</property>
</bean>
</property>
</bean>
</constructor-arg>
<property name="validator">
<!-- Pooled connections are checked with SearchValidator, left at its defaults. -->
<bean class="org.ldaptive.pool.SearchValidator" />
</property>
<property name="pruneStrategy">
<!-- Idle connections are pruned using the property-supplied period and idle time. -->
<bean class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="%{idp.pool.LDAP.prunePeriod}"
p:idleTime="%{idp.pool.LDAP.idleTime}" />
</property>
</bean>
</property>
</bean>
<!-- Search executor scoped to the property-supplied base DN. -->
<bean class="org.ldaptive.SearchExecutor" p:baseDn="%{idp.attribute.resolver.LDAP.baseDN}" />
<!--
  Guava cache built from the spec string below: at most 25 entries, each expiring
  10 seconds after its last access.
  NOTE(review): if the connector uses this as its result cache, a directory change
  (for example a disabled account) may not be visible while a cached entry is live.
-->
<bean id="cacheBuilder" class="com.google.common.cache.CacheBuilder" factory-method="from">
<constructor-arg value="expireAfterAccess=10s,maximumSize=25" />
</bean>
<bean id="cache" class="com.google.common.cache.Cache" factory-bean="cacheBuilder" factory-method="build" />
<!--
  Builds the LDAP search filter from a Velocity template read from the searchFilter
  property, using the shared shibboleth.VelocityEngine bean.
  NOTE(review): the template places a principal name inside the filter; confirm that the
  builder in the deployed IdP version escapes LDAP filter metacharacters. Also confirm
  that the variable names in the template are ones this bean exposes, since a template
  variable that is not defined is left in the filter as literal text.
-->
<bean class="net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder"
p:templateText="%{idp.attribute.resolver.LDAP.searchFilter}" p:velocityEngine-ref="shibboleth.VelocityEngine"
init-method="initialize" />
</beans>
Youssef Ghorbal
Institut Pasteur