Usage of LDAPPROPERTY in attribute-resolver.xml
Farzan Qureshi
fqureshi at rosmini.school.nz
Thu Aug 14 17:53:38 EDT 2014
Hi Scott,
You are the man! Thanks a lot.
I have now added as below and there are no errors now:
<!-- Example LDAP Connector -->
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
    ldapURL="ldap://ldap.myorg.com"
    baseDN="ou=Users,dc=myorg,dc=com"
    principal="CN=ServiceUser,OU=Users,DC=myorg,DC=com"
    principalCredential="t3st3tye">
    <dc:FilterTemplate>
        <![CDATA[
            (uid=$requestContext.principalName)
        ]]>
    </dc:FilterTemplate>
    <dc:LDAPProperty name="java.naming.ldap.attributes.binary"
        value="objectGUID"/>
</resolver:DataConnector>
Microsoft documentation is full of errors and syntax errors I tell you :-)
Thanks for guiding me.
Kind regards,
Farzan
On 15 August 2014 09:41, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/14/14, 5:34 PM, "Farzan Qureshi" <fqureshi at rosmini.school.nz> wrote:
>
> >It says that to convert the AD records to binary when they are fetched by
> >Shibboleth, we have to add an LDAPPROPERTY. For example:
>
> If that's their example, it's wrong.
>
> ><LDAPProperty name="java.naming.ldap.attributes.binary"
> >value="objectGUID"/>
>
> Unless the default namespace is set to the data connector namespace, you
> need a dc: prefix on the element.
>
> >When I add the above configuration in attribute-resolver.xml and restart
> >tomcat services I get following errors.
>
> Read the error. It's telling you the mistake.
>
> >Caused by: org.xml.sax.SAXParseException; lineNumber: 345; columnNumber:
> >78; cvc-complex-type.2.4.a: Invalid content was found starting with
> >element 'LDAPProperty'. One of
> >'{"urn:mace:shibboleth:2.0:resolver:dc":ReturnAttributes,
> >"urn:mace:shibboleth:2.0:resolver:dc":LDAPProperty,
> > "urn:mace:shibboleth:2.0:resolver:dc":StartTLSTrustCredential,
> >"urn:mace:shibboleth:2.0:resolver:dc":StartTLSAuthenticationCredential,
> >"urn:mace:shibboleth:2.0:resolver:dc":ConnectionPool,
> >"urn:mace:shibboleth:2.0:resolver:dc":ResultCache}' is expected.
>
> See the namespace in front of the LDAPProperty element in the expected
> content list?
>
> See how the "starting with" line doesn't have that?
>
> -- Scott
>
--
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530
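
The namespace mismatch discussed in this thread can be caught before restarting the IdP. The following is an added example, not part of the original thread or of Shibboleth itself: it reports known data connector child elements that are not in the dc namespace. The sample document, the resolver namespace URI, the credential placeholder and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Data connector namespace and child element names, both taken from the
# schema error quoted in this thread (plus FilterTemplate from the config).
DC_NS = "urn:mace:shibboleth:2.0:resolver:dc"
DC_CHILDREN = {"FilterTemplate", "ReturnAttributes", "LDAPProperty",
               "StartTLSTrustCredential", "StartTLSAuthenticationCredential",
               "ConnectionPool", "ResultCache"}

# Constructed sample: the connector from this thread with one prefixed and one
# unprefixed LDAPProperty. The resolver namespace URI, the wrapping root
# element and the credential placeholder are assumptions.
SAMPLE = """\
<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://ldap.myorg.com" baseDN="ou=Users,dc=myorg,dc=com"
      principal="CN=ServiceUser,OU=Users,DC=myorg,DC=com"
      principalCredential="PLACEHOLDER">
    <dc:FilterTemplate><![CDATA[(uid=$requestContext.principalName)]]></dc:FilterTemplate>
    <dc:LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
    <LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
  </resolver:DataConnector>
</resolver:AttributeResolver>
"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def misplaced_children(xml_text):
    """Return (connector id, element name, namespace found) for each known
    data connector child element that is not in the dc namespace."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if split_tag(elem.tag)[1] != "DataConnector":
            continue
        for child in elem:
            ns, local = split_tag(child.tag)
            if local in DC_CHILDREN and ns != DC_NS:
                findings.append((elem.get("id"), local, ns))
    return findings

if __name__ == "__main__":
    for conn, local, ns in misplaced_children(SAMPLE):
        print(f"{conn}: <{local}> is in namespace {ns!r}, expected {DC_NS!r}")
```

If the file sets the default namespace to the data connector namespace, the unprefixed element resolves into it and nothing is reported, which matches the exception noted in the quoted reply.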