Authenticate via Shibboleth and LDAP

Chad La Joie lajoie at itumi.biz
Sat Jun 16 17:35:37 BST 2012


First, be sure you're using the actual Shibboleth documentation not some
third party document.

Second, turn on logging for the LDAP library and see what it says.

On 6/16/12 11:06 AM, Stephan Hackstedt wrote:
> Hi,
> 
> I'm new to Shibboleth and trying to setup a test environment on a single
> Windows / x64 machine.
> I followed some tutorials. Now I'm at a point where I'm trying to access
> a ressource on the SP. The redirection to the IdP loginpage works fine.
> But I cannot login, no matter if I use the right user/pw combination or not.
> I'm using LDAP as storage for the user data.
> I tested two different LDAP Systems (APacheDS, OpenDS) but I couldnt get
> it to work. The same error with both.
> 
> The connection to the LDAP service can be established successfull on IdP
> Startup, but after redirection and typing  username and passwort at the
> login screen Shibboleth IdP always gives the message "Credentials not
> recognized".
> Are there other configuration files, beside login.conf and
> attribute-resolver,xmlm which I need to consider?
> 
> It would be nice, if some has a hint for me regarding my problem, My
> progress really stucks.
> 
> conf snippets:
> 
> 
> attribute-resolver.xml:
> *
>     <!-- Example LDAP Connector for OpenDS-->
>     <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
>         ldapURL="ldap://127.0.0.1:12389 <http://127.0.0.1:12389>"
>         baseDN="ou=people,dc=example,dc=com"
>         principal="cn=Directory Manager"
>         principalCredential="secret2">
>         <dc:FilterTemplate>
>             <![CDATA[
>                 (uid=$requestContext.principalName)
>             ]]>
>         </dc:FilterTemplate>*
> 
> login.config:
> 
> *ShibUserPassAuth {
>       edu.vt.middleware.ldap.jaas.LdapLoginModule required
>       host="127.0.0.1"
>       base="ou=people,dc=example,dc=com"
>       bindDn ="cn=Directory Manager"
>       bindCredential="secret2"
>       port="12389"
>       ssl="false"
>       tls="false"
>       userField="uid";
> };*
> 
> Regards,
> Stephan
> 
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> 

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered




More information about the users mailing list