defining an attribute based on the LDAP group membership.
Liam Hoekenga
liamr at umich.edu
Wed Jan 11 21:41:20 GMT 2012
I find myself possibly needing to populate an attribute based on
whether a user is a member of an LDAP group.
I'm afraid that I'd have to resort to this thread..
https://groups.google.com/group/shibboleth-users/browse_thread/thread/206146c1dc145470/720382a206da614c?lnk=gst&q=hoekenga+group#720382a206da614c
...where I retrieve all of the user's groups and stuff them into a
single multi-value attribute. Then I could base a new attribute on
the presence of the desired group in the everyGroup attribute (or just
do the check wherever I was going to check the
isMemberOfSpecialGroup attribute).
Seems like this could be a use for a centrally held entitlement or
maybe a role, but we don't have those yet. It seems silly to create a
directory attribute specifically to authorize access to this one
service.
Can someone suggest an easier / smarter way to do this?
Liam