defining an attribute based on the LDAP group membership.
Liam Hoekenga
liamr at umich.edu
Thu Jan 12 15:23:49 GMT 2012
Never mind... I've got a couple of other options.
Liam
Quoting Liam Hoekenga <liamr at umich.edu>:
> I find myself possibly needing to populate an attribute based on
> whether a user is a member of an LDAP group.
>
> I'm afraid that I'd have to resort to this thread..
>
> https://groups.google.com/group/shibboleth-users/browse_thread/thread/206146c1dc145470/720382a206da614c?lnk=gst&q=hoekenga+group#720382a206da614c
>
> ...where I retrieve all of the user's group and stuff them into a
> single multi-value attribute. Then I could base a new attribute on
> the presence of the desired group in the everyGroup attribute (or just
> do the check where-ever I was going to check the
> isMemberOfSpecialGroup attribute).
>
> Seems like this could be a use for a centrally held entitlement or
> maybe a role, but we don't have those yet. It seems silly to create a
> directory attribute specifically to authorize access to this one
> service.
>
> Can someone suggest an easier / smarter way to do this?
>
> Liam
>
>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
> !DSPAM:4f0e021575151837513170!
>
>
>
>
More information about the users
mailing list