IDP -- need to query attribute store with two different search filters
David Bantz
dabantz at alaska.edu
Mon Mar 17 15:05:14 EDT 2014
We use filters at both authentication and attribute resolver, as we allow use of either student number or name-based identifier in logins.
In the attribute resolver:
LDAP:
<FilterTemplate>
<![CDATA[
(|(uasystemid=$requestContext.principalName)(bannerid=$requestContext.principalName))
]]>
</FilterTemplate>
AD:
<FilterTemplate>
<![CDATA[
(|(sAMAccountName=$requestContext.principalName)(uaIdentifier=$requestContext.principalName))
]]>
</FilterTemplate>
David Bantz
On Mon, 17 Mar 2014, at 10:15 , Steven Carmody <steven_carmody at brown.edu> wrote:
> The other thought I just had was to modify my ldap search filter to
> something like this:
>
> ( ((uid=[entered value]) OR (eduPersonPrincipalName=[EPPN value]) )
>
> where only one of those would match a user object.
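An added example, not part of the original thread and not Shibboleth code: a Python sketch of the two-attribute OR filter discussed above, with the login value escaped per RFC 4515 and a check that the filter matches exactly one entry. The attribute names `uasystemid` and `bannerid` come from the message; the directory entries, the helper names and the in-memory matcher standing in for an LDAP server are assumptions made for illustration.

```python
# Added example; DIRECTORY below is constructed sample data, not real accounts.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
LOGIN_ATTRS = ("uasystemid", "bannerid")  # attribute names taken from the message


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_or_filter(attributes, login: str) -> str:
    """Build (|(attr1=login)(attr2=login)...) with the login value escaped."""
    value = escape_filter_value(login)
    return "(|" + "".join(f"({attr}={value})" for attr in attributes) + ")"


class AmbiguousLogin(Exception):
    """Raised when one login value matches more than one directory entry."""


def resolve_unique(entries, attributes, login: str):
    """Mimic the OR filter's equality match and insist on at most one entry.

    An OR filter returns every entry where *any* listed attribute equals the
    login, so a value that is one user's name-based id and another user's
    number yields two entries. Treat that as an error, never pick the first.
    """
    wanted = login.lower()
    hits = [e for e in entries
            if any(str(e.get(a, "")).lower() == wanted for a in attributes)]
    if len(hits) > 1:
        raise AmbiguousLogin(f"{len(hits)} entries match {build_or_filter(attributes, login)}")
    return hits[0] if hits else None


DIRECTORY = [  # constructed entries; the second collides with the first on purpose
    {"dn": "cn=jdoe,ou=people,dc=example,dc=edu", "uasystemid": "jdoe", "bannerid": "30012345"},
    {"dn": "cn=odd,ou=people,dc=example,dc=edu", "uasystemid": "30012345", "bannerid": "30099999"},
    {"dn": "cn=asmith,ou=people,dc=example,dc=edu", "uasystemid": "asmith", "bannerid": "30055555"},
]

if __name__ == "__main__":
    print(build_or_filter(LOGIN_ATTRS, "asmith"))
    print(resolve_unique(DIRECTORY, LOGIN_ATTRS, "asmith")["dn"])
    try:
        resolve_unique(DIRECTORY, LOGIN_ATTRS, "30012345")
    except AmbiguousLogin as exc:
        print("rejected:", exc)
```
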