FW: help, having problems authenticating user with LDAP
Daniel Fisher
dfisher at vt.edu
Tue Sep 20 16:59:22 BST 2011
On Tue, Sep 20, 2011 at 11:15 AM, Leonard Kroll <Leonard.Kroll at umb.edu> wrote:
> Thank you, adding the missing semicolon fixed the problem and now I get
> an error 32 (no data). I would like to look up the user using "email"
> address, but it does not find the user.
>
> ShibUserPassAuth {
>
> // Example LDAP authentication
> // See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
>
>
>
> edu.vt.middleware.ldap.jaas.LdapLoginModule required
> ldapUrl="ldaps://xxxxdc1.yyyyyyy.net ldaps://xxxxxxxdc2.tyyyyyyy.net"
> baseDN="dc=xxxxxx,dc=net"
> bindDn="xxxxxxx.yyyyyyy at zzzzz.edu"
> bindCredential="password"
> userFilter="email={0}"
> subtreeSearch="true";
>
> // Example Kerberos authentication, requires Sun's JVM
> // See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass
> /*
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab="true"
> keyTab="/path/to/idp/keytab/file";
> */
>
> };
>
>
The bindDn option should contain a fully qualified DN. So something like:
cn=manager,ou=people,dc=xxxxxx,dc=net
Note that the bindDn/bindCredential options are only needed if your LDAP
doesn't allow anonymous searches for users.
--Daniel Fisher
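
The bindDn rule from the reply above, as an added example that is not part of the original thread or of the Shibboleth/vt-ldap code: a small pre-deployment check that reads a JAAS login stanza and reports a bindDn that is not shaped like a DN. The function names, the simplified DN pattern and the sample stanza's values are assumptions made for this illustration.

```python
import re

# Constructed stanza modelled on the one quoted above; host names, the account
# and the password are placeholders.
SAMPLE = '''
ShibUserPassAuth {
   // Example LDAP authentication
   edu.vt.middleware.ldap.jaas.LdapLoginModule required
      ldapUrl="ldaps://dc1.example.net ldaps://dc2.example.net"
      baseDn="dc=example,dc=net"
      bindDn="svc.idp@example.edu"
      bindCredential="password"
      userFilter="email={0}"
      subtreeSearch="true";
   /*
   com.sun.security.auth.module.Krb5LoginModule required
      useKeyTab="true";
   */
};
'''

# A quoted string is matched before a comment so "ldaps://" is not cut at "//".
_STRING_OR_COMMENT = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
# One RDN: attribute type (name or dotted OID), "=", non-empty value.
_RDN = re.compile(r'\s*(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*\S.*')

def strip_comments(text):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return _STRING_OR_COMMENT.sub(keep, text)

def looks_like_dn(value):
    """Simplified RFC 4514 shape check: comma-separated attr=value RDNs."""
    return all(_RDN.fullmatch(rdn) for rdn in re.split(r'(?<!\\),', value))

def check_bind_options(jaas_text):
    """Return findings for the bind options of a single-module stanza."""
    opts = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', strip_comments(jaas_text)))
    bind_dn = opts.get("bindDn")
    if bind_dn is None:
        return ["no bindDn: user searches will be anonymous"]
    findings = []
    if not looks_like_dn(bind_dn):
        findings.append(f"bindDn {bind_dn!r} is not a fully qualified DN")
    if "bindCredential" not in opts:
        findings.append("bindDn is set but bindCredential is missing")
    return findings

if __name__ == "__main__":
    for finding in check_bind_options(SAMPLE):
        print(finding)
```

The check only validates the shape of the value; whether the DN exists and can bind still has to be confirmed against the directory.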