Can't retrieve attributes at Authentication phase

Daniel Fisher dfisher at vt.edu
Fri May 1 10:36:07 EDT 2015


On Fri, May 1, 2015 at 8:15 AM, Ranil De Silva <
ranil.desilva at industrieit.com> wrote:

> Hi
>
> I am trying to retrieve the user's mobile number at the authentication
> phase. We have an Active Directory LDS server. In my previous experience AD
> servers didn't need any special permissions to read the directory but AD
> LDS has three roles - admin, readers and users. Users can't retrieve
> anything from the LDAP but can authenticate against it. While readers can
> read the LDAP and attributes and admins have full access. So once I created
> a reader user and configured its credentials, I am now getting attributes
> from the LDAP at the attribute resolution phase but nothing at the
> authentication phase.
>
> I initially thought the problem might be the fact I was
> using adAuthenticator and that did not seem to set the bind credentials (so
> that we use the reader credentials) so I switched to using the
> bindSearchAuthenticator but still not getting anything returned. Logs are
> shown below. I am checking the LdapEntry within the LDAPResponseContext for
> the attributes.
>
> Any help or hints would be much appreciated!
>

You need to wire up a SearchEntryResolver that has the credentials to view
the attributes you want. I'll try to get you some documentation on that
later today.

--Daniel Fisher
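
One way to wire the entry resolver the reply describes, as an added example that is not part of the original message and is not Shibboleth's own configuration. It assumes the ldaptive 1.x Java API; the host, DNs, user filter and the `LDAP_READER_PW` environment variable are placeholders. The point it shows is that the user's password is still checked by binding as the user, while the entry and its attributes are fetched on a separate connection bound as the reader account.

```java
import org.ldaptive.BindConnectionInitializer;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.Credential;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapAttribute;
import org.ldaptive.auth.AuthenticationRequest;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.BindAuthenticationHandler;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.SearchEntryResolver;

public class ReaderEntryResolverExample {
  // Placeholders (assumed, not from the thread): replace with your AD LDS values.
  static final String URL = "ldaps://adlds.example.org:636";
  static final String BASE_DN = "ou=people,dc=example,dc=org";
  static final String READER_DN = "cn=idp-reader,ou=service,dc=example,dc=org";

  static Authenticator buildAuthenticator(String readerPassword) {
    ConnectionConfig cc = new ConnectionConfig(URL);
    cc.setConnectionInitializer(
        new BindConnectionInitializer(READER_DN, new Credential(readerPassword)));
    DefaultConnectionFactory reader = new DefaultConnectionFactory(cc);
    // The DN lookup runs as the reader account.
    SearchDnResolver dnResolver = new SearchDnResolver(reader);
    dnResolver.setBaseDn(BASE_DN);
    dnResolver.setUserFilter("(uid={user})"); // assumed login attribute
    // Password check: bind as the user on a connection with no service credentials.
    BindAuthenticationHandler handler =
        new BindAuthenticationHandler(new DefaultConnectionFactory(new ConnectionConfig(URL)));
    Authenticator auth = new Authenticator(dnResolver, handler);
    // Entry and attribute retrieval runs as the reader, not as the authenticating user.
    auth.setEntryResolver(new SearchEntryResolver(reader));
    return auth;
  }

  public static void main(String[] args) throws Exception {
    Authenticator auth = buildAuthenticator(System.getenv("LDAP_READER_PW"));
    char[] pw = System.console().readPassword("Password for %s: ", args[0]);
    AuthenticationResponse res = auth.authenticate(
        new AuthenticationRequest(args[0], new Credential(pw), "mobile"));
    LdapAttribute mobile =
        res.getLdapEntry() == null ? null : res.getLdapEntry().getAttribute("mobile");
    System.out.println("authenticated=" + res.getResult()
        + " mobile=" + (mobile == null ? "(not returned)" : mobile.getStringValue()));
  }
}
```

Run it from a terminal with the login name as the only argument. The reader account needs only read access to the requested attributes, so it should stay in the readers role rather than admin.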