LDAP Data Connector not finding extended schema attribute
khuether at mcdaniel.edu
Tue Sep 16 14:36:53 EDT 2014
Hi everyone,
The problem was indeed the user didn't have access to those attributes.
Thank you!
Kenny
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Tuesday, September 16, 2014 12:59 PM
To: users at shibboleth.net
Subject: Re: LDAP Data Connector not finding extended schema attribute
* khuether at mcdaniel.edu <khuether at mcdaniel.edu> [2014-09-16 17:58]:
> We have extended our Active Directory Schema to include some other
> (non-standard) attributes. I'm trying to get the IdP to release these
> attributes, but with the logs set to DEBUG, I don't see them as being
> found by the LDAP data connector. For the attributes that it does find,
> it releases them fine to the SP and aacli. Could anyone out there give
> me a hand or point me in the right direction?
Besides ACLs/ACIs there's also the potential issue (documented in the
wiki[1]) of what port you're querying (RFC standard port vs. global catalog port) and whether the attribute in question is part of the "Partial Attribute Set" when querying the global catalog port.
So it all depends on your MS-AD deployment and how you configured Shibboleth to access it.
-peter
[1] https://wiki.shibboleth.net/confluence/display/SHIB2/LdapServerIssues
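
Added example (not part of the thread or of Shibboleth's own code): a small check for the port issue Peter describes, which reads an IdP 2.x style attribute-resolver.xml and flags LDAP data connectors that point at a global catalog port. It assumes the connector carries its server in an `ldapURL` attribute; the sample configuration, hostnames and DNs are constructed placeholders. It does not test ACLs, which were the cause in this thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample configuration; hosts and DNs are placeholders.
SAMPLE_RESOLVER = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector id="adGC" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://dc1.example.edu:3268"
      baseDN="dc=example,dc=edu" principal="cn=svc-idp,dc=example,dc=edu"/>
  <resolver:DataConnector id="adLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldaps://dc1.example.edu"
      baseDN="dc=example,dc=edu" principal="cn=svc-idp,dc=example,dc=edu"/>
</resolver:AttributeResolver>"""

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # RFC standard ports
GC_PORTS = {3268, 3269}                       # AD global catalog (plain / TLS)


def audit_ldap_connectors(xml_text):
    """Return one finding per LDAP URL configured on an LDAPDirectory connector."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if not el.get(XSI_TYPE, "").endswith("LDAPDirectory"):
            continue
        # split() tolerates a whitespace-separated list of URLs in one attribute
        for url in el.get("ldapURL", "").split():
            parts = urlsplit(url)
            port = parts.port or DEFAULT_PORTS.get(parts.scheme)
            findings.append({
                "connector": el.get("id"),
                "host": parts.hostname,
                "port": port,
                # On a GC port only the Partial Attribute Set is returned, so a
                # custom schema attribute may be missing from search results.
                "global_catalog": port in GC_PORTS,
            })
    return findings


if __name__ == "__main__":
    for f in audit_ldap_connectors(SAMPLE_RESOLVER):
        note = "global catalog: check Partial Attribute Set" if f["global_catalog"] else "standard LDAP port"
        print(f'{f["connector"]}: {f["host"]}:{f["port"]} ({note})')
```

If a connector is on a standard port and the attribute is still missing, bind with the same `principal` using an LDAP client and compare the returned attributes with those seen by an administrative account to confirm an ACL problem.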