Dynamic baseDN in DataConnector tag of attribute-resolver.xml file

Tom Zeller tzeller at unicon.net
Fri Dec 16 15:53:09 GMT 2011


Oh, too early. Maybe you want :

  <FilterTemplate>
        <![CDATA[
            (entryDN=${requestContext.principalName})
        ]]>
    </FilterTemplate>

On Fri, Dec 16, 2011 at 9:50 AM, Tom Zeller <tzeller at unicon.net> wrote:
> How dynamic is the baseDN ? i.e. How many different baseDNs do you
> anticipate ? Would multiple ldap data connectors work ?
>
> On Fri, Dec 16, 2011 at 9:45 AM, Thierry Albain <talbain at sqli.com> wrote:
>> Thanks, but obviously I read this page of the documentation.
>> I read also the java source of the dataconnector : and I've seen it doesn't
>> accept variables in baseDN.
>> So How can I do ?
>>
>>
>> On Fri, Dec 16, 2011 at 16:38, Chad La Joie <lajoie at itumi.biz> wrote:
>>>
>>> Here you go, first hit if you had search for "ldap data connector":
>>>
>>> https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector
>>>
>>>
>>> On Fri, Dec 16, 2011 at 10:33, Thierry Albain <talbain at sqli.com> wrote:
>>> > I don't find this doc, I just tried to imagine a solution, but it
>>> > doesn't
>>> > work : the  ${requestContext.principalName} is not replaced by its
>>> > value.
>>> > Could you please send me the doc URL where it is explained ?
>>> >
>>> > What I want is to select a subentry in my ldap, which depends on the
>>> > principalName.
>>> >
>>> > Thanks a lot
>>> >
>>> >
>>> >
>>> > On Fri, Dec 16, 2011 at 16:27, Chad La Joie <lajoie at itumi.biz> wrote:
>>> >>
>>> >> You haven't said what you actually want to do.  The example you showed
>>> >> filled in your user ID into a string.  That's what the example in the
>>> >> docs show to.  So yes, you can do that.
>>> >>
>>> >> On Fri, Dec 16, 2011 at 10:23, Thierry Albain <talbain at sqli.com> wrote:
>>> >> > I did it, but without success.
>>> >> > Has someone done it before ?
>>> >> >
>>> >> >
>>> >> > On Fri, Dec 16, 2011 at 16:06, Chad La Joie <lajoie at itumi.biz> wrote:
>>> >> >>
>>> >> >> Refer to the documentation for what the template language supports.
>>> >> >>
>>> >> >> On Fri, Dec 16, 2011 at 09:57, Thierry Albain <talbain at sqli.com>
>>> >> >> wrote:
>>> >> >> > Hi everybody
>>> >> >> >
>>> >> >> > I work with the latest version of Shibboleth.
>>> >> >> >
>>> >> >> > I would like to configure my LDAP Dataconnector with a dynamic
>>> >> >> > baseDN
>>> >> >> > which
>>> >> >> > depends on the result of the principalName.
>>> >> >> > For example, here is my (bad) DataConnector:
>>> >> >> >
>>> >> >> > <resolver:DataConnector id="openDJ" xsi:type="dc:LDAPDirectory"
>>> >> >> >       ldapURL="ldap://localhost:389"
>>> >> >> >       baseDN="cn=${requestContext.principalName}, ou=users,
>>> >> >> > ou=mycompany,
>>> >> >> > c=com"
>>> >> >> >       principal="cn=Directory Manager"
>>> >> >> >       principalCredential="************"
>>> >> >> >       searchScope="ONELEVEL">
>>> >> >> >       <dc:FilterTemplate>
>>> >> >> >           <![CDATA[
>>> >> >> >               (cn=*)
>>> >> >> >           ]]>
>>> >> >> >       </dc:FilterTemplate>
>>> >> >> >       <dc:ReturnAttributes>cn</dc:ReturnAttributes>
>>> >> >> > </resolver:DataConnector>
>>> >> >> >
>>> >> >> > If I authenticate with my own credentials (id=talbain), I should
>>> >> >> > find
>>> >> >> > entries like this : cn=xxx,cn=talbain,ou=users,ou=mycompany,c=com
>>> >> >> > It doesn't work, but how can I proceed to succeed ?
>>> >> >> >
>>> >> >> > Thanks a lot
>>> >> >> >
>>> >> >> > Thierry ALBAIN
>>> >> >> >
>>> >> >> >
>>> >> >> > --
>>> >> >> > To unsubscribe from this list send an email to
>>> >> >> > users-unsubscribe at shibboleth.net
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> Chad La Joie
>>> >> >> www.itumi.biz
>>> >> >> trusted identities, delivered
>>> >> >> --
>>> >> >> To unsubscribe from this list send an email to
>>> >> >> users-unsubscribe at shibboleth.net
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > To unsubscribe from this list send an email to
>>> >> > users-unsubscribe at shibboleth.net
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Chad La Joie
>>> >> www.itumi.biz
>>> >> trusted identities, delivered
>>> >> --
>>> >> To unsubscribe from this list send an email to
>>> >> users-unsubscribe at shibboleth.net
>>> >
>>> >
>>> >
>>> > --
>>> > To unsubscribe from this list send an email to
>>> > users-unsubscribe at shibboleth.net
>>>
>>>
>>>
>>> --
>>> Chad La Joie
>>> www.itumi.biz
>>> trusted identities, delivered
>>> --
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>
>>
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net


More information about the users mailing list