idp login issue connecting to ldap
Jason Separovic
jseppa01 at gmail.com
Sat Aug 1 00:33:32 EDT 2015
Hi,
I'm trying to set up a simple google apps test case with idp 3.1.2. I also
have openldap 2.4.39-8.el6 set up on the same host.
It seems as though ldap is working fine when I use the aacli command:
> [root@dev1 bin]# ./aacli.sh --requester google.com --principal jason
>
> {
>   "requester": "google.com",
>   "principal": "jason",
>   "attributes": [
>     {
>       "name": "googleNameID",
>       "values": [
>         "StringAttributeValue{value=jason@jseppa.com}" ]
>     }
>   ]
> }
However, when I direct my browser to the google api, I get redirected to the
idp login page as expected, but when I enter the ldap user/pass, the
form just returns another blank form.
Tcpdump on 389 reveals no attempt to connect to ldap, and org.ldaptive TRACE
shows nothing in the logs.
I'm using the following ldap in the attribute resolver, so I think the
ldap.properties should be good:
    <resolver:DataConnector id="ldap" xsi:type="dc:LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}">
        <dc:FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </dc:FilterTemplate>
    </resolver:DataConnector>
Is there anything that needs to be configured in order to use ldap in the
auth process? I'm sure I'm missing something simple here, just beating my
head against the wall a bit.
Thanks,
Jason
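
Added example, not part of the original post and not Shibboleth code: a small Python check that expands the %{...} placeholders used by the DataConnector above against ldap.properties content and flags any that stay unresolved. The sample property values and the idp.authn.LDAP.* lines are constructed for illustration, and the properties parser is simplified.

```python
import re

# Constructed sample, not the poster's file. bindDNCredential is left out on
# purpose so the check has something to flag.
SAMPLE_PROPERTIES = """\
idp.authn.LDAP.ldapURL = ldap://localhost:389
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
idp.authn.LDAP.bindDN = cn=idp,dc=example,dc=org
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN}
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
"""

# Placeholders exactly as they appear in the DataConnector in the post.
CONNECTOR_REFS = {
    "ldapURL": "%{idp.attribute.resolver.LDAP.ldapURL}",
    "baseDN": "%{idp.attribute.resolver.LDAP.baseDN}",
    "principal": "%{idp.attribute.resolver.LDAP.bindDN}",
    "principalCredential": "%{idp.attribute.resolver.LDAP.bindDNCredential}",
    "FilterTemplate": "%{idp.attribute.resolver.LDAP.searchFilter}",
}
PLACEHOLDER = re.compile(r"%\{([^}]+)\}")

def parse_properties(text):
    """Simplified key = value parser (no line continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def expand(value, props, seen=()):
    """Expand %{name} recursively; unknown or cyclic references stay as written."""
    def repl(match):
        name = match.group(1)
        if name not in props or name in seen:
            return match.group(0)
        return expand(props[name], props, seen + (name,))
    return PLACEHOLDER.sub(repl, value)

def check_connector(props, refs=CONNECTOR_REFS):
    """Map each connector setting to (expanded value, still_unresolved)."""
    expanded = {attr: expand(ref, props) for attr, ref in refs.items()}
    return {a: (v, bool(PLACEHOLDER.search(v))) for a, v in expanded.items()}

if __name__ == "__main__":
    for attr, (value, unresolved) in check_connector(parse_properties(SAMPLE_PROPERTIES)).items():
        shown = "<set>" if attr == "principalCredential" and not unresolved else value
        print(f"{attr:20} {'UNRESOLVED' if unresolved else 'ok':10} {shown}")
```

Run against the contents of a real ldap.properties in place of the sample, the same report shows which values the connector receives without printing the bind credential.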