LDAP Data Connector not finding extended schema attribute

Martin, Andrew J. AMartin at towson.edu
Tue Sep 16 12:16:12 EDT 2014


I ran into similar issues when I tried to release AD's "whenChanged" attribute as a Shibboleth attribute.

It ended up being that the domain service account we used for our LDAP connector did not have permissions to see the requested attribute in AD.

Try logging in and doing an LDAP query as the service account your Shibboleth is using; I'd be willing to bet you won't be able to see the attribute you're trying to release.

Good luck!


From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of khuether at mcdaniel.edu
Sent: Tuesday, September 16, 2014 11:57 AM
To: users at shibboleth.net
Subject: LDAP Data Connector not finding extended schema attribute

Hello all,

Apologies if this has already been asked or is posted somewhere online. I've been searching for a few days now and I can't seem to find any answers that can help me.

We have extended our Active Directory Schema to include some other (non-standard) attributes. I'm trying to get the IdP to release these attributes, but with the logs set to DEBUG, I don't see them as being found by the LDAP data connector. For the attributes that it does find, it releases them fine to the SP and aacli. Could anyone out there give me a hand or point me in the right direction?

Thanks so much,
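
The check suggested in the reply above, as an added example that is not part of the original thread: Active Directory omits attributes the bind account cannot read rather than returning an error, so comparing the same entry as fetched by the service account and by an account with known read access separates a permissions problem from an attribute that simply has no value. The host, bind DNs, base DN and the `exampleExt*`/`exampleUnused` attribute names are placeholders, and the LDIF in `demo` is constructed sample data.

```shell
#!/bin/sh
# Added example; host, bind DNs, base DN and the exampleExt* attribute names are placeholders.
# Capture the same entry twice, requesting the attributes by name:
#   ldapsearch -LLL -x -H ldaps://dc.example.edu -D 'svc-shib@example.edu' -W \
#     -b 'dc=example,dc=edu' '(sAMAccountName=testuser)' mail whenChanged exampleExtAttr > svc.ldif
#   (repeat with an account known to have read access, writing to admin.ldif)

# attr_present LDIF_FILE ATTR: succeeds if the entry carries the attribute.
# LDIF lines look like "name: value", "name:: base64" or "name;option: value";
# attribute names are matched case-insensitively.
attr_present() {
    grep -qiE "^$2(;[^:]*)?:" "$1"
}

# classify SVC_LDIF ADMIN_LDIF ATTR...: one verdict line per requested attribute.
classify() {
    svc=$1; admin=$2; shift 2
    for attr in "$@"; do
        if attr_present "$svc" "$attr"; then
            echo "$attr visible"
        elif attr_present "$admin" "$attr"; then
            echo "$attr hidden-from-service-account"   # read ACL problem in the directory
        else
            echo "$attr not-populated"                 # no value on this entry for either account
        fi
    done
}

# demo: runs classify over two constructed LDIF captures of the same entry.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/svc.ldif" <<'EOF'
dn: CN=Test User,OU=People,DC=example,DC=edu
mail: testuser@example.edu
EOF
    cat > "$dir/admin.ldif" <<'EOF'
dn: CN=Test User,OU=People,DC=example,DC=edu
mail: testuser@example.edu
whenChanged: 20140916155700.0Z
exampleExtAttr: staff
EOF
    classify "$dir/svc.ldif" "$dir/admin.ldif" mail whenChanged exampleExtAttr exampleUnused
    rm -rf "$dir"
}

demo
```

An attribute reported as `hidden-from-service-account` needs read access granted to the connector's account in the directory; no change to the IdP's resolver configuration will make it appear.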