Installation Instructions

OpenLDAP

A properly configured OpenLDAP server is required. Configuring it takes two steps:

  1. When configuring the OpenLDAP source, pass the option "--enable-deref" to the configure script.
  2. Add the following two lines to slapd.conf:
    moduleload deref
    overlay deref

Person Directory

The CAS Dereference Plugin has been tested with JA-SIG Person Directory version 1.5.0-RC6.

Dereference Plugin

There are two possible ways to install the plugin: the manual way, which should be used on an already deployed CAS server, and the automatic way, which should be used when building CAS from scratch.

Manual Method

Copy the dereference plugin jar file into the WEB-INF/lib directory of your CAS installation. Then proceed to the deployment configuration part of this guide.

Automatic Method (Maven WAR Overlay)

A public Maven repository is not yet available. For now, only the jar method is supported, using the jar from the downloads page.

Deployment Configuration

Next, modify the deployerConfigContext.xml file. The dereference plugin is LDAP-specific, so your configuration should already support authentication through an LDAP server and aggregate user attributes through the Person Directory Service. Add the following data to your working deployerConfigContext.xml file:

  1. The name of the attribute which will contain the dereference DN
  2. The attributes to fetch from the dereferenced DN

Example:

<bean id="attributeRepository"
 class="org.jasig.services.persondir.support.ldap.DereferenceAwareLdapPersonAttributeDao" >
<property name="contextSource" ref="contextSource" /> <!-- refers to the already configured LdapContextSource -->
...

<property name="deref">
    <map>
        <entry key="derefDN1" value="dereferencedAttr1,dereferencedAttr2"/>
        <entry key="derefDN2" value="dereferencedAttr3"/>
    </map>
</property>

...
...
<property name="resultAttributeMapping">
<map>
<!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
<entry key="derefDN1.dereferencedAttr1" value="principal attr1 name"/>
<entry key="derefDN1.dereferencedAttr2" value="principal attr2 name" />
<entry key="derefDN2.dereferencedAttr3" value="principal attr3 name" />
<entry key="another_attr_name1" value="principal another attr1 name" />
<entry key="another_attr_name2" value="principal another attr2 name" />
</map>
</property>
</bean>

Note the "derefDN#.dereferencedAttr#" syntax. For example, it could be something like this:

<bean id="attributeRepository"
class="org.jasig.services.persondir.support.ldap.DereferenceAwareLdapPersonAttributeDao" >
...
<property name="deref">
    <map>
        <entry key="eduPersonOrgUnitDN" value="cn"/>
    </map>
</property>
...
<property name="resultAttributeMapping">
<map>
<entry key="eduPersonOrgUnitDN.cn" value="Department Name"/>
...
</map>
</property>
</bean>
This would mean: from the entry whose DN is stored in the attribute named "eduPersonOrgUnitDN", fetch the attribute named "cn" and map it to the name "Department Name".
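
Because the "deref" map and the dotted keys of "resultAttributeMapping" have to agree, a quick consistency check before deployment shows which dereferenced attributes are mapped (and therefore released) and which mapping keys refer to data the "deref" property never requests. The script below is an added example, not part of the plugin; the sample XML is constructed, and the function names and the rule that any mapping key containing "." uses the derefDN.attr syntax are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's eduPersonOrgUnitDN example with two deliberate
# mismatches ("ou" is fetched but never mapped; eduPersonPrimaryOrgUnitDN is
# mapped but never dereferenced).
SAMPLE = """<beans>
  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.ldap.DereferenceAwareLdapPersonAttributeDao">
    <property name="deref">
      <map>
        <entry key="eduPersonOrgUnitDN" value="cn,ou"/>
      </map>
    </property>
    <property name="resultAttributeMapping">
      <map>
        <entry key="eduPersonOrgUnitDN.cn" value="Department Name"/>
        <entry key="eduPersonPrimaryOrgUnitDN.cn" value="Primary Department"/>
        <entry key="mail" value="mail"/>
      </map>
    </property>
  </bean>
</beans>"""

def _local(tag):
    """Strip an XML namespace so namespaced Spring files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def _entries(bean, prop_name):
    """Return the {key: value} pairs of the <map> under the named <property>."""
    for prop in bean:
        if _local(prop.tag) == "property" and prop.get("name") == prop_name:
            return {e.get("key"): e.get("value", "")
                    for e in prop.iter() if _local(e.tag) == "entry"}
    return {}

def check_deref_config(xml_text, bean_id="attributeRepository"):
    """Compare the deref map with the dotted keys of resultAttributeMapping."""
    beans = [b for b in ET.fromstring(xml_text).iter()
             if _local(b.tag) == "bean" and b.get("id") == bean_id]
    if not beans:
        raise ValueError("bean %r not found" % bean_id)
    fetched = {(dn, attr) for dn, attrs in _entries(beans[0], "deref").items()
               for attr in attrs.split(",") if attr}
    # Assumption: any mapping key containing "." uses the derefDN.attr syntax.
    mapped = {tuple(key.split(".", 1))
              for key in _entries(beans[0], "resultAttributeMapping") if "." in key}
    return {"mapped_not_fetched": sorted(mapped - fetched),
            "fetched_not_mapped": sorted(fetched - mapped)}

if __name__ == "__main__":
    print(check_deref_config(SAMPLE))
```

To check a real deployment, pass the contents of deployerConfigContext.xml to check_deref_config in place of SAMPLE.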

Extended Attribute Release

Regarding the relation between dereferenced attributes and their respective DNs, check this out.