04 LDAP User Attribute Sources
uPortal is capable of retrieving user attributes from an LDAP source. To configure this behavior, you'll need to do the following:
Configure the ldap context in ldapContext.xml
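<bean id="defaultLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <!-- ldap:// sends the bind and attribute data unencrypted unless StartTLS is configured -->
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="base" value="ou=People, dc=myuniv, dc=edu"/>
    <!-- Empty values bind anonymously; set these if your directory requires an authenticated bind -->
    <property name="userName" value=""/>
    <property name="password" value=""/>
</bean>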
Add an LDAP Attribute source to personDirectoryContext.xml
Uncomment the uPortalLdapAttributeSource example in the mergedPersonAttributeDao bean definition:
<bean id="mergedPersonAttributeDao" class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
    <property name="personAttributeDaos">
        <list>
            <ref bean="uPortalJdbcAttributeSource"/>
            <ref bean="uPortalLdapAttributeSource"/>
        </list>
    </property>
</bean>
Next, add the LDAP attribute source bean definition to the same file:
<bean id="uPortalLdapAttributeSource" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="defaultLdapContext" />
    <property name="queryAttributes">
        <list>
            <value>username</value>
        </list>
    </property>
    <property name="query">
        <value>(cn={0})</value>
    </property>
    <!-- Keys are LDAP attribute names; values are the portal attribute name(s) they populate -->
    <property name="ldapAttributesToPortalAttributes">
        <map>
            <!-- A key may appear only once in a Spring map (a later duplicate replaces the
                 earlier entry), so both portal names for this attribute are listed in one set -->
            <entry key="eduPersonPrimaryAffiliation">
                <set>
                    <value>uPortalTemplateUserName</value>
                    <value>eduPersonPrimaryAffiliation</value>
                </set>
            </entry>
            <entry key="eduPersonAffiliation"><value>eduPersonAffiliation</value></entry>
            <entry key="eduPersonNickname">
                <set>
                    <value>eduPersonNickname</value>
                    <value>user.name.nickName</value>
                </set>
            </entry>
            <entry key="eduPersonOrgDN">
                <set>
                    <value>eduPersonOrgDN</value>
                    <value>user.employer</value>
                </set>
            </entry>
            <entry key="eduPersonOrgUnitDN">
                <set>
                    <value>eduPersonOrgUnitDN</value>
                    <value>user.department</value>
                </set>
            </entry>
            <entry key="eduPersonPrincipalName"><value>eduPersonPrincipalName</value></entry>
            <entry key="c"><value>c</value></entry>
            <entry key="cn"><value>cn</value></entry>
            <entry key="description"><value>description</value></entry>
            <entry key="displayName"><value>displayName</value></entry>
            <entry key="facsimileTelephoneNumber"><value>facsimileTelephoneNumber</value></entry>
            <entry key="givenName">
                <set>
                    <value>givenName</value>
                    <value>user.name.given</value>
                </set>
            </entry>
            <entry key="homePhone"><value>homePhone</value></entry>
            <entry key="homePostalAddress"><value>homePostalAddress</value></entry>
            <entry key="initials"><value>initials</value></entry>
            <entry key="jpegPhoto"><value>jpegPhoto</value></entry>
            <entry key="l"><value>l</value></entry>
            <entry key="labeledURI"><value>labeledURI</value></entry>
            <entry key="mail">
                <set>
                    <value>mail</value>
                    <value>user.home-info.online.email</value>
                </set>
            </entry>
            <entry key="mobile"><value>mobile</value></entry>
            <entry key="o"><value>o</value></entry>
            <entry key="ou"><value>ou</value></entry>
            <entry key="pager"><value>pager</value></entry>
            <entry key="postalAddress"><value>postalAddress</value></entry>
            <entry key="postalCode"><value>postalCode</value></entry>
            <entry key="postOfficeBox"><value>postOfficeBox</value></entry>
            <entry key="preferredLanguage"><value>preferredLanguage</value></entry>
            <entry key="seeAlso"><value>seeAlso</value></entry>
            <entry key="sn">
                <set>
                    <value>sn</value>
                    <value>user.name.family</value>
                </set>
            </entry>
            <entry key="st"><value>st</value></entry>
            <entry key="street"><value>street</value></entry>
            <entry key="telephoneNumber"><value>telephoneNumber</value></entry>
            <entry key="uid"><value>uid</value></entry>
            <entry key="userCertificate"><value>userCertificate</value></entry>
            <entry key="userSMIMECertificate"><value>userSMIMECertificate</value></entry>
        </map>
    </property>
</bean>
You may need to update the available attributes and query to match your server. Connections to Active Directory servers will most likely use a query of "(sAMAccountName={0})".
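When you edit a long ldapAttributesToPortalAttributes map, keep in mind that Spring retains only the last entry for a repeated key, so an earlier mapping for the same LDAP attribute is silently lost. The following check is an added example, not part of uPortal: it reads a bean definition and reports the effective mapping plus any portal attribute names dropped that way. The sample XML is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened attribute map in which one key is repeated.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="uPortalLdapAttributeSource">
    <property name="ldapAttributesToPortalAttributes">
      <map>
        <entry key="eduPersonPrimaryAffiliation"><value>uPortalTemplateUserName</value></entry>
        <entry key="mail">
          <set><value>mail</value><value>user.home-info.online.email</value></set>
        </entry>
        <entry key="eduPersonPrimaryAffiliation"><value>eduPersonPrimaryAffiliation</value></entry>
      </map>
    </property>
  </bean>
</beans>"""


def _local(el):
    """Tag name without the namespace prefix that ElementTree adds."""
    return el.tag.rsplit("}", 1)[-1]


def read_entries(xml_text, bean_id, prop="ldapAttributesToPortalAttributes"):
    """Return [(ldap_attr, {portal_attrs})] in document order for one bean."""
    entries = []
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean) != "bean" or bean.get("id") != bean_id:
            continue
        for p in (c for c in bean if _local(c) == "property" and c.get("name") == prop):
            for entry in (e for e in p.iter() if _local(e) == "entry"):
                names = {v.text.strip() for v in entry.iter()
                         if _local(v) == "value" and v.text and v.text.strip()}
                if entry.get("value"):  # shorthand form: <entry key="k" value="v"/>
                    names.add(entry.get("value"))
                entries.append((entry.get("key"), names))
    return entries


def audit(xml_text, bean_id):
    """Effective map (last entry per key wins) and the portal names that are dropped."""
    effective, seen = {}, set()
    for key, names in read_entries(xml_text, bean_id):
        seen |= names
        effective[key] = names  # a repeated key replaces the earlier entry
    kept = set().union(*effective.values())
    return effective, sorted(seen - kept)


if __name__ == "__main__":
    mapping, dropped = audit(SAMPLE, "uPortalLdapAttributeSource")
    for ldap_attr, portal in mapping.items():
        print(f"{ldap_attr} -> {sorted(portal)}")
    print("dropped by duplicate keys:", dropped)
```

To check a real deployment, pass the contents of personDirectoryContext.xml as xml_text.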