04 LDAP User Attribute Sources

Owned by Andrew Petro
Last updated: Jan 04, 2010 by Steve SwinsburgVersion comment
16 min read

uPortal is capable of retrieving user attributes from an LDAP source. To configure this behavior, you'll need to do the following.
(warning) uPortal 3.1 introduces a new configuration is different from all previous versions. You will not be able to copy and paste your previous configuration from any earlier version of uPortal.

Configure the ldap context in uportal-impl/src/main/resources/properties/contexts/ldapContext.xml

<beans>
  ...
  <bean id="defaultLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="pooled" value="false"/>
    <property name="userName" value=""/>
    <property name="password" value=""/>
  </bean>
  ...
</beans>

Note the absence of the "baseDN" property in this bean. You will configure it later.

If you are configuring your LDAP context to connect to an AD server, you may need to add the following properties to the bean definition:

 <property name="baseEnvironmentProperties">
      <map>
        <entry>
          <key>
            <value>java.naming.security.authentication</value>
          </key>
          <value>simple</value>
        </entry>
        <entry key="java.naming.referral">
          <value>follow</value>
        </entry>
      </map>
 </property>

Add an LDAP Attribute source to uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml

Edit the cachingMergedPersonAttributeDao bean definition to add uPortalLdapAttributeSource under personAttributeDaos:

<bean id="cachingMergedPersonAttributeDao" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="cacheNullResults" value="true" />
        <property name="userInfoCache">
            ...
        </property>
        <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
        <property name="cachedPersonAttributesDao" >
            <bean class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
                <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                <property name="merger">
                    ...
                </property>
                <property name="personAttributeDaos">
                    <list>
                        // add the line below
                        <ref bean="uPortalLdapAttributeSource"/>
                        <ref bean="cachinguPortalJdbcAttributeSource"/>
                        <ref bean="cachinguPortalJdbcUserSource"/>
                    </list>
                </property>
            </bean>
        </property>
    </bean>

Next, add the LDAP attribute source bean definition to the same file. This is where you put your baseDN.

<bean id="uPortalLdapAttributeSource" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
		<property name="contextSource" ref="defaultLdapContext" />
                <property name="baseDN" value="ou=department,o=university,c=edu" />
                <property name="queryAttributeMapping">
                    <map>
                        <entry key="username" value="uid"/>
                    </map>
                </property>

                <property name="resultAttributeMapping">
                    <map>
                        <entry key="eduPersonPrimaryAffiliation">
                            <value>uPortalTemplateUserName</value>
                        </entry>
                        <entry key="eduPersonAffiliation">
                            <value>eduPersonAffiliation</value>
                        </entry>
                        <entry key="eduPersonNickname">
                            <set>
                                <value>eduPersonNickname</value>
                                <value>user.name.nickName</value>
                            </set>
                        </entry>
                        <entry key="eduPersonOrgDN">
                            <set>
                                <value>eduPersonOrgDN</value>
                                <value>user.employer</value>
                            </set>
                        </entry>
                        <entry key="eduPersonOrgUnitDN">
                            <set>
                                <value>eduPersonOrgUnitDN</value>
                                <value>user.department</value>
                            </set>
                        </entry>
                        <entry key="eduPersonPrimaryAffiliation">
                            <value>eduPersonPrimaryAffiliation</value>
                        </entry>
                        <entry key="eduPersonPrincipalName">
                            <value>eduPersonPrincipalName</value>
                        </entry>
                        <entry key="c">
                            <value>c</value>
                        </entry>
                        <entry key="cn">
                            <value>cn</value>
                        </entry>
                        <entry key="description">
                            <value>description</value>
                        </entry>
                        <entry key="displayName">
                            <value>displayName</value>
                        </entry>
                        <entry key="facsimileTelephoneNumber">
                            <value>facsimileTelephoneNumber</value>
                        </entry>
                        <entry key="givenName">
                            <set>
                                <value>givenName</value>
                                <value>user.name.given</value>
                            </set>
                        </entry>
                        <entry key="homePhone">
                            <value>homePhone</value>
                        </entry>
                        <entry key="homePostalAddress">
                            <value>homePostalAddress</value>
                        </entry>
                        <entry key="initials">
                            <value>initials</value>
                        </entry>
                        <entry key="jpegPhoto">
                            <value>jpegPhoto</value>
                        </entry>
                        <entry key="l">
                            <value>l</value>
                        </entry>
                        <entry key="labeledURI">
                            <value>labeledURI</value>
                        </entry>
                        <entry key="mail">
                            <set>
                                <value>mail</value>
                                <value>user.home-info.online.email</value>
                            </set>
                        </entry>
                        <entry key="mobile">
                            <value>mobile</value>
                        </entry>
                        <entry key="o">
                            <value>o</value>
                        </entry>
                        <entry key="ou">
                            <value>ou</value>
                        </entry>
                        <entry key="pager">
                            <value>pager</value>
                        </entry>
                        <entry key="postalAddress">
                            <value>postalAddress</value>
                        </entry>
                        <entry key="postalCode">
                            <value>postalCode</value>
                        </entry>
                        <entry key="postOfficeBox">
                            <value>postOfficeBox</value>
                        </entry>
                        <entry key="preferredLanguage">
                            <value>preferredLanguage</value>
                        </entry>
                        <entry key="seeAlso">
                            <value>seeAlso</value>
                        </entry>
                        <entry key="sn">
                            <set>
                                <value>sn</value>
                                <value>user.name.family</value>
                            </set>
                        </entry>
                        <entry key="st">
                            <value>st</value>
                        </entry>
                        <entry key="street">
                            <value>street</value>
                        </entry>
                        <entry key="telephoneNumber">
                            <value>telephoneNumber</value>
                        </entry>
                        <entry key="uid">
                            <value>uid</value>
                        </entry>
                        <entry key="userCertificate">
                            <value>userCertificate</value>
                        </entry>
                        <entry key="userSMIMECertificate">
                            <value>userSMIMECertificate</value>
                        </entry>
                    </map>
                </property>
	</bean>

You may need to update the available attributes and query to match your server. Connections to Active Directory servers will most likely use a query of "(sAMAccountName={0})".

Build and deploy the modifications

From the root of your uPortal source:

ant clean deploy-ear