That would be a possility. But I was under the impression that Acegi could do that for me at login.
The LdapUserDetailsImpl I retrieve after logon has a method getAttributes which always is empty. Does this mean I have to write my own LdapUserDetailsMapper and inject it in the BindAuthenticator used by the LdapAuthenticationProvider?
After some digging and debugging it notice that LdapTemplate makes a call to javax.naming.directory.DirContext.mapAttributes:
Debugging this code makes clear that although attrIds is null, which should retrieve all attributes, no attributes are returned. So I guess it is not Acegi's fault...
Attributes javax.naming.directory.DirContext.getAttributes(String name, String attrIds) throws NamingException
Retrieves selected attributes associated with a named object. See getAttributes(Name, String) for details.
name The name of the object from which to retrieve attributes
attrIds the identifiers of the attributes to retrieve. null indicates that all attributes should be retrieved; an empty array indicates that none should be retrieved.
the requested attributes; never null
NamingException if a naming exception is encountered
B.t.w. filling the attrIds with the attributes to retrieve doesn't do anything either...
I do not understand what is going on...