IDP : Dynamically choose ldap instance from principal
Tom Zeller
tzeller at dragonacea.biz
Tue Nov 5 17:18:07 EST 2013
> I have got several ldap instances, which each contain a subset of
> users. I would like to configure an IDP to get all attributes from a
> user.
> Is it possible to change DataConnector to do something like this?
To get attributes for *every* user from multiple ldap instances, you
could add one data connector per ldap instance to
attribute-resolver.xml:
<resolver:DataConnector id="LDAP1" ldapURL="ldap://ldap1.example.org" ...
<resolver:DataConnector id="LDAP2" ldapURL="ldap://ldap2.example.org" ...
For attributes which exist on more than one ldap instance:
<resolver:AttributeDefinition id="affiliation" ...
<resolver:Dependency ref="LDAP1" />
<resolver:Dependency ref="LDAP2" />
If I understand correctly.
Obviously, this would result in more ldap searches, unnecessarily, but
I would think that would be okay.