adamfranco · August 29, 2015 14:07
diff --git a/deployerConfigContext.xml b/deployerConfigContext.xml
 ...

        <!-- LDAP Authentication Configuration -->
        <bean id="ldapAuthenticationHandler"
                class="org.jasig.cas.authentication.LdapAuthenticationHandler"
                p:principalIdAttribute="middleburyCollegeUID"
                c:authenticator-ref="authenticator">
                <property name="principalAttributeMap">
                        <map>
                        <!--| This map provides a simple attribute resolution mechanism.
                                | Keys are LDAP attribute names, values are CAS attribute names.
                                | Use this facility instead of a PrincipalResolver if LDAP is
                                | the only attribute source.  -->

                                <!-- Mapping beetween LDAP entry's attributes (key) and Principal"s (value) -->

                                <entry value="Id" key="middleburyCollegeUID"/>
                                <entry value="Status" key="extensionAttribute12"/>
                                <entry value="DisplayName" key="cn"/>
                                <entry value="FirstName" key="givenName"/>
                                <entry value="LastName" key="sn"/>
                                <entry value="Title" key="title"/>
                                <entry value="Department" key="department"/>
                                <entry value="Institution" key="company"/>
                                <entry value="EMail" key="mail"/>
                                <entry value="Login" key="sAMAccountName"/>
                                <entry value="TelephoneNumber" key="telephoneNumber"/>
                                <entry value="Language" key="msExchUserCulture"/>
                                <entry value="MemberOf" key="memberOf"/>
                        </map>
                </property>
        </bean>

        <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
                c:resolver-ref="dnResolver"
                c:handler-ref="authHandler">
                <!-- Add the RecursiveEntryHandler to flatten the group hierarchy and 
                include ancestor groups in the MemberOf response values. -->
                <property name="entryResolver">
                        <bean class="org.ldaptive.auth.PooledSearchEntryResolver"
                                p:connectionFactory-ref="searchPooledLdapConnectionFactory">
                                <property name="searchEntryHandlers">
                                        <bean class="org.ldaptive.handler.RecursiveEntryHandler"
                                                p:searchAttribute="memberOf"
                                                p:mergeAttributes="memberOf"/>
                                </property>
                        </bean>
                </property>
        </bean>

        <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
                p:baseDn="${ldap.authn.baseDn}"
                p:allowMultipleDns="false"
                p:subtreeSearch="${ldap.authn.subtreeSearch}"
                p:connectionFactory-ref="searchPooledLdapConnectionFactory"
                p:userFilter="${ldap.authn.searchFilter}" />

        <bean id="searchPooledLdapConnectionFactory"
                class="org.ldaptive.pool.PooledConnectionFactory"
                p:connectionPool-ref="searchConnectionPool" />

        <bean id="searchConnectionPool" parent="abstractConnectionPool"
                p:connectionFactory-ref="searchConnectionFactory" />

        <bean id="searchConnectionFactory"
                class="org.ldaptive.DefaultConnectionFactory"
                p:connectionConfig-ref="searchConnectionConfig" />

        <bean id="searchConnectionConfig" parent="abstractConnectionConfig"
                p:connectionInitializer-ref="bindConnectionInitializer" />

        <bean id="bindConnectionInitializer"
                        class="org.ldaptive.BindConnectionInitializer"
                        p:bindDn="${ldap.authn.managerDn}">
                <property name="bindCredential">
                        <bean class="org.ldaptive.Credential"
                                c:password="${ldap.authn.managerPassword}" />
                  </property>
        </bean>

        <bean id="abstractConnectionPool" abstract="true"
                class="org.ldaptive.pool.BlockingConnectionPool"
                init-method="initialize"
                p:poolConfig-ref="ldapPoolConfig"
                p:blockWaitTime="${ldap.pool.blockWaitTime}"
                p:validator-ref="searchValidator"
                p:pruneStrategy-ref="pruneStrategy" />

        <bean id="abstractConnectionConfig" abstract="true"
                class="org.ldaptive.ConnectionConfig"
                p:ldapUrl="${ldap.url}"
                p:connectTimeout="${ldap.connectTimeout}"
                p:useStartTLS="${ldap.useStartTLS}"
                p:sslConfig-ref="sslConfig" />

        <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
                p:minPoolSize="${ldap.pool.minSize}"
                p:maxPoolSize="${ldap.pool.maxSize}"
                p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
                p:validatePeriodically="${ldap.pool.validatePeriodically}"
                p:validatePeriod="${ldap.pool.validatePeriod}" />

        <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
                <property name="credentialConfig">
                        <bean class="org.ldaptive.ssl.X509CredentialConfig"
                                p:trustCertificates="${ldap.trustedCert}" />
                </property>
        </bean>

        <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
                p:prunePeriod="${ldap.pool.prunePeriod}"
                p:idleTime="${ldap.pool.idleTime}" />

        <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

        <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
                p:connectionFactory-ref="bindPooledLdapConnectionFactory" />

        <bean id="bindPooledLdapConnectionFactory"
                class="org.ldaptive.pool.PooledConnectionFactory"
                p:connectionPool-ref="bindConnectionPool" />

        <bean id="bindConnectionPool" parent="abstractConnectionPool"
                p:connectionFactory-ref="bindConnectionFactory" />

        <bean id="bindConnectionFactory"
                class="org.ldaptive.DefaultConnectionFactory"
                p:connectionConfig-ref="bindConnectionConfig" />

        <bean id="bindConnectionConfig" parent="abstractConnectionConfig" />

 ...
	...

	<!-- LDAP Authentication Configuration -->
	<bean id="ldapAuthenticationHandler"
	class="org.jasig.cas.authentication.LdapAuthenticationHandler"
	p:principalIdAttribute="middleburyCollegeUID"
	c:authenticator-ref="authenticator">
	<property name="principalAttributeMap">
	<map>
	<!--\| This map provides a simple attribute resolution mechanism.
	\| Keys are LDAP attribute names, values are CAS attribute names.
	\| Use this facility instead of a PrincipalResolver if LDAP is
	\| the only attribute source. -->

	<!-- Mapping beetween LDAP entry's attributes (key) and Principal"s (value) -->

	<entry value="Id" key="middleburyCollegeUID"/>
	<entry value="Status" key="extensionAttribute12"/>
	<entry value="DisplayName" key="cn"/>
	<entry value="FirstName" key="givenName"/>
	<entry value="LastName" key="sn"/>
	<entry value="Title" key="title"/>
	<entry value="Department" key="department"/>
	<entry value="Institution" key="company"/>
	<entry value="EMail" key="mail"/>
	<entry value="Login" key="sAMAccountName"/>
	<entry value="TelephoneNumber" key="telephoneNumber"/>
	<entry value="Language" key="msExchUserCulture"/>
	<entry value="MemberOf" key="memberOf"/>
	</map>
	</property>
	</bean>

	<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
	c:resolver-ref="dnResolver"
	c:handler-ref="authHandler">
	<!-- Add the RecursiveEntryHandler to flatten the group hierarchy and
	include ancestor groups in the MemberOf response values. -->
	<property name="entryResolver">
	<bean class="org.ldaptive.auth.PooledSearchEntryResolver"
	p:connectionFactory-ref="searchPooledLdapConnectionFactory">
	<property name="searchEntryHandlers">
	<bean class="org.ldaptive.handler.RecursiveEntryHandler"
	p:searchAttribute="memberOf"
	p:mergeAttributes="memberOf"/>
	</property>
	</bean>
	</property>
	</bean>

	<bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
	p:baseDn="${ldap.authn.baseDn}"
	p:allowMultipleDns="false"
	p:subtreeSearch="${ldap.authn.subtreeSearch}"
	p:connectionFactory-ref="searchPooledLdapConnectionFactory"
	p:userFilter="${ldap.authn.searchFilter}" />

	<bean id="searchPooledLdapConnectionFactory"
	class="org.ldaptive.pool.PooledConnectionFactory"
	p:connectionPool-ref="searchConnectionPool" />

	<bean id="searchConnectionPool" parent="abstractConnectionPool"
	p:connectionFactory-ref="searchConnectionFactory" />

	<bean id="searchConnectionFactory"
	class="org.ldaptive.DefaultConnectionFactory"
	p:connectionConfig-ref="searchConnectionConfig" />

	<bean id="searchConnectionConfig" parent="abstractConnectionConfig"
	p:connectionInitializer-ref="bindConnectionInitializer" />

	<bean id="bindConnectionInitializer"
	class="org.ldaptive.BindConnectionInitializer"
	p:bindDn="${ldap.authn.managerDn}">
	<property name="bindCredential">
	<bean class="org.ldaptive.Credential"
	c:password="${ldap.authn.managerPassword}" />
	</property>
	</bean>

	<bean id="abstractConnectionPool" abstract="true"
	class="org.ldaptive.pool.BlockingConnectionPool"
	init-method="initialize"
	p:poolConfig-ref="ldapPoolConfig"
	p:blockWaitTime="${ldap.pool.blockWaitTime}"
	p:validator-ref="searchValidator"
	p:pruneStrategy-ref="pruneStrategy" />

	<bean id="abstractConnectionConfig" abstract="true"
	class="org.ldaptive.ConnectionConfig"
	p:ldapUrl="${ldap.url}"
	p:connectTimeout="${ldap.connectTimeout}"
	p:useStartTLS="${ldap.useStartTLS}"
	p:sslConfig-ref="sslConfig" />

	<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
	p:minPoolSize="${ldap.pool.minSize}"
	p:maxPoolSize="${ldap.pool.maxSize}"
	p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
	p:validatePeriodically="${ldap.pool.validatePeriodically}"
	p:validatePeriod="${ldap.pool.validatePeriod}" />

	<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
	<property name="credentialConfig">
	<bean class="org.ldaptive.ssl.X509CredentialConfig"
	p:trustCertificates="${ldap.trustedCert}" />
	</property>
	</bean>

	<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
	p:prunePeriod="${ldap.pool.prunePeriod}"
	p:idleTime="${ldap.pool.idleTime}" />

	<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

	<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
	p:connectionFactory-ref="bindPooledLdapConnectionFactory" />

	<bean id="bindPooledLdapConnectionFactory"
	class="org.ldaptive.pool.PooledConnectionFactory"
	p:connectionPool-ref="bindConnectionPool" />

	<bean id="bindConnectionPool" parent="abstractConnectionPool"
	p:connectionFactory-ref="bindConnectionFactory" />

	<bean id="bindConnectionFactory"
	class="org.ldaptive.DefaultConnectionFactory"
	p:connectionConfig-ref="bindConnectionConfig" />

	<bean id="bindConnectionConfig" parent="abstractConnectionConfig" />

	...