LDAP User Attribute Sources

uPortal is capable of retrieving user attributes from an LDAP source. To configure this behavior, you'll need to do the following.

uPortal 3.1 introduces a new configuration format that differs from all previous versions. You will NOT be able to copy and paste your previous configuration from any earlier version of uPortal.

Step 1. Configure the ldap context in uportal-impl/src/main/resources/properties/contexts/ldapContext.xml

<beans>
  ...
  <bean id="defaultLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.myuniv.edu:389"/>
    <property name="pooled" value="false"/>
    <!-- empty userName/password bind anonymously; a bind account configured here over
         plain ldap:// sends its password in the clear, so prefer ldaps:// in that case -->
    <property name="userName" value=""/>
    <property name="password" value=""/>
  </bean>
  ...
</beans>

Note the absence of the "baseDN" property in this bean; the base DN is set on the attribute source bean in Step 2.

If you are configuring your LDAP context to connect to an Active Directory (AD) server, you may need to add the following properties to the bean definition:

  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
      <entry key="java.naming.referral">
        <value>follow</value>
      </entry>
    </map>
  </property>

Step 2. Add an LDAP Attribute source to uportal-impl/src/main/resources/properties/contexts/personDirectoryContext.xml

  • Edit the cachingMergedPersonAttributeDao bean definition to add uPortalLdapAttributeSource under personAttributeDaos:

    <bean id="cachingMergedPersonAttributeDao" class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
        <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
        <property name="cacheNullResults" value="true" />
        <property name="userInfoCache">
            ...
        </property>
        <property name="cacheKeyGenerator" ref="userAttributeCacheKeyGenerator" />
        <property name="cachedPersonAttributesDao">
            <bean class="org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl">
                <property name="usernameAttributeProvider" ref="usernameAttributeProvider" />
                <property name="merger">
                    ...
                </property>
                <property name="personAttributeDaos">
                    <list>
                        <!-- add the line below -->
                        <ref bean="uPortalLdapAttributeSource"/>
                        <ref bean="cachinguPortalJdbcAttributeSource"/>
                        <ref bean="cachinguPortalJdbcUserSource"/>
                    </list>
                </property>
            </bean>
        </property>
    </bean>
    
  • Next, add the LDAP attribute source bean definition to the same file. This is where you put your baseDN:

    <bean id="uPortalLdapAttributeSource" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="defaultLdapContext" />
        <property name="baseDN" value="ou=department,o=university,c=edu" />
        <!-- portal query attribute (key) -> LDAP attribute it is matched against (value) -->
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid"/>
            </map>
        </property>

        <!-- LDAP result attribute (key) -> portal attribute name(s) it is exposed as (value);
             attributes that are not listed here are not passed on to the portal -->
        <property name="resultAttributeMapping">
            <map>
                <!-- a map key may appear only once: a repeated <entry> key silently replaces the
                     earlier mapping, so list every portal name for one attribute in a single <set> -->
                <entry key="eduPersonPrimaryAffiliation">
                    <set>
                        <value>uPortalTemplateUserName</value>
                        <value>eduPersonPrimaryAffiliation</value>
                    </set>
                </entry>
                <entry key="eduPersonAffiliation">
                    <value>eduPersonAffiliation</value>
                </entry>
                <entry key="eduPersonNickname">
                    <set>
                        <value>eduPersonNickname</value>
                        <value>user.name.nickName</value>
                    </set>
                </entry>
                <entry key="eduPersonOrgDN">
                    <set>
                        <value>eduPersonOrgDN</value>
                        <value>user.employer</value>
                    </set>
                </entry>
                <entry key="eduPersonOrgUnitDN">
                    <set>
                        <value>eduPersonOrgUnitDN</value>
                        <value>user.department</value>
                    </set>
                </entry>
                <entry key="eduPersonPrincipalName">
                    <value>eduPersonPrincipalName</value>
                </entry>
                <entry key="c">
                    <value>c</value>
                </entry>
                <entry key="cn">
                    <value>cn</value>
                </entry>
                <entry key="description">
                    <value>description</value>
                </entry>
                <entry key="displayName">
                    <value>displayName</value>
                </entry>
                <entry key="facsimileTelephoneNumber">
                    <value>facsimileTelephoneNumber</value>
                </entry>
                <entry key="givenName">
                    <set>
                        <value>givenName</value>
                        <value>user.name.given</value>
                    </set>
                </entry>
                <entry key="homePhone">
                    <value>homePhone</value>
                </entry>
                <entry key="homePostalAddress">
                    <value>homePostalAddress</value>
                </entry>
                <entry key="initials">
                    <value>initials</value>
                </entry>
                <entry key="jpegPhoto">
                    <value>jpegPhoto</value>
                </entry>
                <entry key="l">
                    <value>l</value>
                </entry>
                <entry key="labeledURI">
                    <value>labeledURI</value>
                </entry>
                <entry key="mail">
                    <set>
                        <value>mail</value>
                        <value>user.home-info.online.email</value>
                    </set>
                </entry>
                <entry key="mobile">
                    <value>mobile</value>
                </entry>
                <entry key="o">
                    <value>o</value>
                </entry>
                <entry key="ou">
                    <value>ou</value>
                </entry>
                <entry key="pager">
                    <value>pager</value>
                </entry>
                <entry key="postalAddress">
                    <value>postalAddress</value>
                </entry>
                <entry key="postalCode">
                    <value>postalCode</value>
                </entry>
                <entry key="postOfficeBox">
                    <value>postOfficeBox</value>
                </entry>
                <entry key="preferredLanguage">
                    <value>preferredLanguage</value>
                </entry>
                <entry key="seeAlso">
                    <value>seeAlso</value>
                </entry>
                <entry key="sn">
                    <set>
                        <value>sn</value>
                        <value>user.name.family</value>
                    </set>
                </entry>
                <entry key="st">
                    <value>st</value>
                </entry>
                <entry key="street">
                    <value>street</value>
                </entry>
                <entry key="telephoneNumber">
                    <value>telephoneNumber</value>
                </entry>
                <entry key="uid">
                    <value>uid</value>
                </entry>
                <entry key="userCertificate">
                    <value>userCertificate</value>
                </entry>
                <entry key="userSMIMECertificate">
                    <value>userSMIMECertificate</value>
                </entry>
            </map>
        </property>
    </bean>
    
  • You may need to update the available attributes and query to match your server. Connections to Active Directory servers will most likely use a query of "(sAMAccountName={0})".
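To make the two mappings in the bean above concrete, here is an added Python model of what they do; it is illustration written for this page, not person-directory's or uPortal's own code. It builds the search filter from queryAttributeMapping (for both the uid mapping on the page and the Active Directory variant using sAMAccountName), applies resultAttributeMapping to a constructed directory entry, and shows that an attribute missing from the mapping never reaches the portal. The RFC 4515 filter escaping is an assumption about what a careful implementation should do; the page does not say how the real DAO treats special characters in the username.

```python
# Added illustration (not person-directory's or uPortal's own code): a small model
# of how queryAttributeMapping and resultAttributeMapping reshape data between
# the portal and the directory.
from typing import Dict, List, Mapping, Union

# Mirrors a subset of the Step 2 XML. Key: LDAP attribute returned by the search;
# value: the portal attribute name(s) it is exposed as.
RESULT_ATTRIBUTE_MAPPING: Dict[str, Union[str, List[str]]] = {
    "eduPersonPrimaryAffiliation": ["uPortalTemplateUserName", "eduPersonPrimaryAffiliation"],
    "givenName": ["givenName", "user.name.given"],
    "sn": ["sn", "user.name.family"],
    "mail": ["mail", "user.home-info.online.email"],
    "uid": "uid",
}

# Key: portal query attribute; value: LDAP attribute it is matched against.
QUERY_ATTRIBUTE_MAPPING = {"username": "uid"}                # generic directory, as on the page
QUERY_ATTRIBUTE_MAPPING_AD = {"username": "sAMAccountName"}  # Active Directory variant

# RFC 4515 escapes for characters that carry meaning inside a search filter
# (assumed here; the page does not describe the real DAO's handling).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before it is substituted into a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(query: Mapping[str, str], mapping: Mapping[str, str]) -> str:
    """Turn the portal's query attributes into an LDAP filter, ANDing all mapped attributes."""
    clauses = [
        f"({ldap_attr}={escape_filter_value(str(query[portal_attr]))})"
        for portal_attr, ldap_attr in mapping.items()
        if portal_attr in query
    ]
    if not clauses:
        raise ValueError("no query attribute matches the queryAttributeMapping")
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


def map_result_attributes(entry: Mapping[str, List[str]],
                          mapping: Mapping[str, Union[str, List[str]]]) -> Dict[str, List[str]]:
    """Apply resultAttributeMapping to one LDAP entry: every mapped attribute fans out to
    each of its portal names, and attributes absent from the mapping are dropped."""
    result: Dict[str, List[str]] = {}
    for ldap_attr, values in entry.items():
        targets = mapping.get(ldap_attr)
        if targets is None:
            continue
        for portal_name in ([targets] if isinstance(targets, str) else targets):
            result.setdefault(portal_name, []).extend(values)
    return result


# Constructed sample entry, shaped like what a directory search returns.
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "givenName": ["Jane"],
    "sn": ["Doe"],
    "mail": ["jdoe@myuniv.edu"],
    "eduPersonPrimaryAffiliation": ["student"],
    "employeeNumber": ["12345"],  # not in the mapping, so it never reaches the portal
}

if __name__ == "__main__":
    print(build_search_filter({"username": "jdoe"}, QUERY_ATTRIBUTE_MAPPING))
    print(build_search_filter({"username": "jdoe"}, QUERY_ATTRIBUTE_MAPPING_AD))
    for name, values in sorted(map_result_attributes(SAMPLE_ENTRY, RESULT_ATTRIBUTE_MAPPING).items()):
        print(f"{name} = {values}")
```

Keeping resultAttributeMapping limited to what the portal actually needs is the simplest way to stop directory attributes from leaking into user sessions, and escaping the query value keeps a username containing filter metacharacters from changing the shape of the search.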

Step 3. Build and deploy the modifications

From the root of your uPortal source:

ant clean deploy-ear

Step 4. Restart uPortal

Restart your Tomcat server after deploying your modifications.

Additional References

uPortal mailing list Q&A related topic
     Q. Is there a way to use an attribute returned from an LdapPersonAttributeDao as the matching value for a SingleRowJdbcPersonAttributeDao?
     A. It does support this. Swap out the MergingPersonAttributeDao with the CascadingPersonAttributeDao and the results of child bean A get added to the query map for the next bean in the list.
         There are several examples here: https://mywebspace.wisc.edu/dalquist/web/JA-SIG/UWExamples/personDirectoryContext.xml
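The answer above turns on the difference between the two composite DAOs. The following added Python model (illustration for this page, not person-directory's own code) shows it: a merging DAO hands the same seed query to every child, whereas a cascading DAO adds each child's result to the query map for the next child, which is what lets a JDBC source match on an employee number that only the LDAP source knows. The child DAOs are plain functions over constructed in-memory data; the real classes have more options than this simplification shows.

```python
# Added illustration (not person-directory's own code) of the two ways of composing
# child DAOs named in the Q&A: merging sends one seed query to every child and merges
# the results; cascading adds each child's result to the query for the next child.
from typing import Callable, Dict, List, Mapping, Optional

Attributes = Dict[str, List[str]]
# A child DAO: takes the query map, returns attributes or None when nothing matched.
ChildDao = Callable[[Mapping[str, List[str]]], Optional[Attributes]]

# Constructed data: what an LDAP source and a JDBC table might hold for one user.
LDAP_ENTRIES = {"jdoe": {"uid": ["jdoe"], "employeeNumber": ["12345"]}}
JDBC_ROWS = {"12345": {"department": ["Physics"], "building": ["Chamberlin Hall"]}}


def ldap_dao(query: Mapping[str, List[str]]) -> Optional[Attributes]:
    """Stands in for the LdapPersonAttributeDao: matches on the portal's username."""
    for username in query.get("username", []):
        if username in LDAP_ENTRIES:
            return dict(LDAP_ENTRIES[username])
    return None


def jdbc_dao(query: Mapping[str, List[str]]) -> Optional[Attributes]:
    """Stands in for a SingleRowJdbcPersonAttributeDao keyed on employeeNumber,
    an attribute that only the LDAP source supplies."""
    for number in query.get("employeeNumber", []):
        if number in JDBC_ROWS:
            return dict(JDBC_ROWS[number])
    return None


def _merge_into(target: Attributes, source: Mapping[str, List[str]]) -> None:
    """Union of attribute values, keeping order and dropping duplicates."""
    for name, values in source.items():
        bucket = target.setdefault(name, [])
        for value in values:
            if value not in bucket:
                bucket.append(value)


def merging_query(children: List[ChildDao], seed: Mapping[str, List[str]]) -> Attributes:
    """MergingPersonAttributeDaoImpl-style: every child sees only the seed query."""
    result: Attributes = {}
    for child in children:
        found = child(seed)
        if found:
            _merge_into(result, found)
    return result


def cascading_query(children: List[ChildDao], seed: Mapping[str, List[str]]) -> Attributes:
    """CascadingPersonAttributeDao-style: each child's result is added to the query
    map handed to the next child (simplified model of the behaviour the Q&A describes)."""
    query: Attributes = {k: list(v) for k, v in seed.items()}
    result: Attributes = {}
    for child in children:
        found = child(query)
        if found:
            _merge_into(result, found)
            _merge_into(query, found)
    return result


if __name__ == "__main__":
    seed = {"username": ["jdoe"]}
    print("merging:  ", merging_query([ldap_dao, jdbc_dao], seed))
    print("cascading:", cascading_query([ldap_dao, jdbc_dao], seed))
```

Child order matters in the cascading case: the DAO whose output feeds a later query has to come earlier in the personAttributeDaos list, and an attribute that a later child is allowed to trust as a lookup key should come from a source you control.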

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org