Usage of LDAPPROPERTY in attribute-resolver.xml

Farzan Qureshi fqureshi at rosmini.school.nz
Thu Aug 14 17:53:38 EDT 2014


Hi Scott,

You are the man! Thanks a lot.

I have now added as below and there are no erros now:

<!-- Example LDAP Connector -->

    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        ldapURL="ldap://ldap.myorg.com"
        baseDN="ou=Users,dc=myorg,dc=com"
        principal="CN=ServiceUser,OU=Users,DC=myorg,DC=com"
        principalCredential="t3st3tye">
        <dc:FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>

<dc:LDAPProperty name="java.naming.ldap.attributes.binary"
value="objectGUID"/>

    </resolver:DataConnector>



Microsoft documentation is full of errors and sytax errors I tell you :-)

Thanks for guiding me.

Kind regards,

Farzan


On 15 August 2014 09:41, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 8/14/14, 5:34 PM, "Farzan Qureshi" <fqureshi at rosmini.school.nz> wrote:
>
> >It says that to convert the AD records to binary when they are fetched by
> >Shibboleth, we have to add an LDAPPROPERTY. For example:
>
> If that's their example, it's wrong.
>
> ><LDAPProperty name="java.naming.ldap.attributes.binary"
> >value="objectGUID"/>
>
> Unless the default namespace is set to the data connector namespace, you
> need a dc: prefix on the element.
>
> >When I add the above configuration in attribute-resolver.xml and restart
> >tomcat services I get following errors.
>
> Read the error. It's telling you the mistake.
>
> >Caused by: org.xml.sax.SAXParseException; lineNumber: 345; columnNumber:
> >78; cvc-complex-type.2.4.a: Invalid content was found starting with
> >element 'LDAPProperty'. One of
> >'{"urn:mace:shibboleth:2.0:resolver:dc":ReturnAttributes,
> >"urn:mace:shibboleth:2.0:resolver:dc":LDAPProperty,
> > "urn:mace:shibboleth:2.0:resolver:dc":StartTLSTrustCredential,
> >"urn:mace:shibboleth:2.0:resolver:dc":StartTLSAuthenticationCredential,
> >"urn:mace:shibboleth:2.0:resolver:dc":ConnectionPool,
> >"urn:mace:shibboleth:2.0:resolver:dc":ResultCache}' is expected.
>
> See the namespace in front of the LDAPProperty element in the expected
> content list?
>
> See how the "starting with" line doesn't have that?
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530

-- 
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager (
admin at rosmini.school.nz). Please note that any views or opinions presented 
in this email are solely those of the author and do not necessarily 
represent those of the company. Finally, the recipient should check this 
email and any attachments for the presence of viruses. Rosmini College 
accepts no liability for any damage caused by any virus transmitted by this 
email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140815/63a75887/attachment.html 


More information about the users mailing list