Trying to figure what the LDAP problem is:

Daniel Fisher dfisher at vt.edu
Mon Sep 26 16:12:26 BST 2011


On Mon, Sep 26, 2011 at 11:01 AM, Leonard Kroll <Leonard.Kroll at umb.edu> wrote:

> Hi, I got the DN to work when binding a user to perform the LDAP lookup.
>
> I am using MS LDAP if that makes any difference.
>
> But I get the email and DN error that follows. Any ideas?
>
> I would like to authenticate against either the email address or the
> sAMAddressName in the ldap.
>
> <resolver:AttributeDefinition xsi:type="ad:Simple" id="email"
>     sourceAttributeID="mail">
>     <resolver:Dependency ref="myLDAP" />
>     <resolver:AttributeEncoder xsi:type="enc:SAML1String"
>         name="urn:mace:dir:attribute-def:mail" />
>     <resolver:AttributeEncoder xsi:type="enc:SAML2String"
>         name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
> </resolver:AttributeDefinition>
>
> 10:47:22.385 - INFO [edu.vt.middleware.ldap.auth.SearchDnResolver:161] -
> Search for user: Aaaaaaa.bbbbbbb at umb.edu failed using filter: email={0}
>
> 10:47:22.386 - DEBUG [edu.vt.middleware.ldap.jaas.LdapLoginModule:136] -
> Authentication failed javax.naming.AuthenticationException: Cannot
> authenticate dn, invalid dn


Ok, looks like you're getting closer. I don't use Active Directory, but I'm
guessing that filter should be 'mail={0}'. At this point you should be able
to diagnose your problems by checking your AD logs.

--Daniel Fisher
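
The filter substitution discussed in this thread, as an added example that is not part of the original messages and is not vt-ldap's code: it fills the `{0}` placeholder with an RFC 4515 escaped login name and evaluates the result against a constructed entry, showing why `email={0}` resolves no DN while `mail={0}`, or an OR filter over `mail` and `sAMAccountName`, does. The sample entry, the function names and the OR filter are assumptions.

```python
import re

# Constructed sample entry (an assumption): Active Directory keeps the address
# in 'mail'; there is no 'email' attribute to match on.
ENTRIES = [{
    "dn": "CN=Example User,OU=Staff,DC=example,DC=org",
    "mail": "example.user@example.org",
    "sAMAccountName": "euser",
}]

# RFC 4515: these characters are written as \XX inside an assertion value,
# so a login name is always compared as a literal string.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_TERM = re.compile(r"([A-Za-z][\w-]*)=([^()]*)")
_HEX = re.compile(r"\\([0-9a-fA-F]{2})")


def build_filter(template, login):
    """Fill every {0} in the filter template with the escaped login name."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return template.replace("{0}", escaped)


def resolve_dn(template, login, entries=ENTRIES):
    """Return the DN of the single entry matching the filter, else None.

    Hypothetical mini-evaluator: understands 'attr=value' and an OR of such
    terms, '(|(a=v)(b=v))'. Names and values compare case-insensitively.
    """
    terms = [(attr.lower(), _HEX.sub(lambda m: chr(int(m.group(1), 16)), val).lower())
             for attr, val in _TERM.findall(build_filter(template, login))]
    hits = []
    for entry in entries:
        attrs = {k.lower(): v.lower() for k, v in entry.items() if k != "dn"}
        if any(attrs.get(attr) == val for attr, val in terms):
            hits.append(entry["dn"])
    # A resolver needs exactly one DN to bind as; zero or several is a failure.
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    for tmpl in ("email={0}", "mail={0}", "(|(mail={0})(sAMAccountName={0}))"):
        for login in ("Example.User@example.org", "euser"):
            print(f"{tmpl:38} {login:26} -> {resolve_dn(tmpl, login)}")
```

A search that returns no entry leaves the resolver without a DN to bind as, which is the sequence the two quoted log lines show.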