employeeNumber from employeeID in active directory
Jean Robertson
jean.robertson at mcgill.ca
Tue Sep 6 20:58:14 BST 2011
Hello,
I am using a Shib IdP of 2.1.5 vintage.
I need to retreive from MS Active Directory employeeID.
I want to encode it as employeeNumber.
The AD server has been setup to release it to the shib IdP.
I have an attribute-resolver.xml snippet that looks like this:
<resolver:AttributeDefinition id="employeeNumber"
xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="employeeID">
<resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="SAML1String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:mace:dir:attribute-def:employeeNumber" />
<resolver:AttributeEncoder xsi:type="SAML2String"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:oid:2.16.840.1.113730.3.1.3"
friendlyName="employeeNumber" />
</resolver:AttributeDefinition>
I have debugging turned on.
In the idp-process.log, I see the following:
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:882]
- Found the following attribute: employeeID=[150998702]
after that, nothing.
No mention of either employeeID or employeeNumber.
I am definitely missing something.
If anyone can point me in the right direction, it would be much appreciated.
Jean
--
Jean Robertson, McGill University (514) 398-8117
More information about the users
mailing list