Shib / ldap search base

Farzan Qureshi fqureshi at rosmini.school.nz
Wed Oct 8 17:50:14 EDT 2014


Thanks Peter for your input. I agree with it and I will do it as suggested.

On 9 October 2014 10:22, Peter Schober <peter.schober at univie.ac.at> wrote:

> * Farzan Qureshi <fqureshi at rosmini.school.nz> [2014-10-08 01:16]:
> > Thanks for the detailed response. Actually I was thinking you are querying
> > multiple base DNs. Actually I don't want to use top level AD forest. I want
> > to keep it restricted to three or four OUs. But I believe in your case you
> > are using top level base DN and not multiple search base.
>
> The LDAP protocol doesn't have a way to say "search for this in those
> 3 basedns". You (i.e., the LDAP client) would have to issue 3 separate
> searches in each of those basedns.
>
> I'd probably make sure the service DN used to perform the search does
> not have read/search access to the parts of the DIT you don't want it
> to search. Then you could still have simple configuration on the
> client side (and slightly more efficient than issuing multiple
> identical searches with different search bases) but limit the IDP to
> specific parts of the DIT.
> (If you're performing anonymous binds during the search, well, don't
> do that.)
> -peter



-- 
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530
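
Added example, not part of the original thread and not Shibboleth's own code: a sketch of the client-side alternative Peter describes, with one search issued per permitted base DN and the results merged. The directory contents, `fake_subtree_search`, `find_user` and the choice to reject a value that matches more than one entry are assumptions of this example.

```python
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample directory (DN -> attributes); it stands in for a real server.
SAMPLE_DIT = {
    "CN=Alice,OU=Staff,DC=example,DC=org": {"sAMAccountName": "alice"},
    "CN=Bob,OU=Students,DC=example,DC=org": {"sAMAccountName": "bob"},
    "CN=Bob,OU=Alumni,DC=example,DC=org": {"sAMAccountName": "bob"},
    "CN=Svc,OU=Servers,DC=example,DC=org": {"sAMAccountName": "svc"},
}


class AmbiguousUser(Exception):
    """The same search value matched more than one distinct entry."""


def _rdns(dn: str) -> List[str]:
    # Simplified DN normalisation: ignores escaped commas and multi-valued RDNs.
    return [part.strip().lower() for part in dn.split(",")]


def is_under(dn: str, base: str) -> bool:
    """True if dn equals base or sits below it in the tree."""
    d, b = _rdns(dn), _rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def fake_subtree_search(base: str, attr: str, value: str) -> List[str]:
    """Hypothetical stand-in for a single subtree-scope LDAP search."""
    return [dn for dn, attrs in SAMPLE_DIT.items()
            if is_under(dn, base) and attrs.get(attr) == value]


def find_user(bases: Iterable[str], attr: str, value: str,
              search: Callable[[str, str, str], List[str]] = fake_subtree_search
              ) -> Optional[str]:
    """Issue one search per base DN and merge the results client-side."""
    found: Dict[str, str] = {}
    for base in bases:
        for dn in search(base, attr, value):
            # Overlapping bases return the same entry twice; count it once.
            found.setdefault(",".join(_rdns(dn)), dn)
    if len(found) > 1:
        # Assumption of this example: refuse to pick one of several matches.
        raise AmbiguousUser(f"{value!r} matched {len(found)} entries")
    return next(iter(found.values()), None)
```

Entries outside the listed base DNs (the `OU=Servers` account here) are never returned, but only because the client does not ask; restricting the service DN's read access, as suggested in the quoted reply, enforces the same boundary on the server side.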
