Custom Login Handlers? LDAP Authentication

Royder, Kyle D kroyder at
Thu Feb 28 14:33:44 EST 2013

Thanks for the help Scott.  This put me on a different search path of the users list and there seem to be a lot of discussion surrounding using a search filter vs implementing something in LDAP itself.  Looks like I have a few options moving forward.


-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Thursday, February 28, 2013 12:19 PM
To: Shib Users
Subject: Re: Custom Login Handlers? LDAP Authentication

On 2/28/13 1:03 PM, "Royder, Kyle D" <kroyder at> wrote:

>We use LDAP for authentication and attribute queries.  We are wanting
>throw authentication errors if certain LDAP attributes are set certain
>ways and now allow the user to create an IdP session.

Well, normally I think you do that with LDAP by adjusting the search
filter that looks up the DN for binding. If you can't express it in a
simple search filter, there may be additional plug points in the vt-ldap
(now ladaptive) code that would let you do this by developing the
extension there rather than having to do a custom login handler.

The author's on the list, he would know and can comment.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list