Failure to return user's DN - Search result always empty
Daniel Fisher
dfisher at vt.edu
Mon May 11 15:09:50 EDT 2015
On Mon, May 11, 2015 at 2:42 PM, Guillaume Gilbert <Gilbert.Guillaume at lacsq.org> wrote:
> # LDAP authentication configuration, see authn/ldap-authn-config.xml
>
> ## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
> #idp.authn.LDAP.authenticator = anonSearchAuthenticator
>
You haven't set an authenticator template, which means it's using anonymous
search then bind.
> # Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
> idp.authn.LDAP.baseDN = ou=users,ou=system
> #idp.authn.LDAP.subtreeSearch = false
> idp.authn.LDAP.userFilter = (uid={user})
> # bind search configuration
> idp.authn.LDAP.bindDN = uid=admin,ou=system
> idp.authn.LDAP.bindDNCredential = ********
>
You have set a bindDN, which isn't used by the anonSearchAuthenticator.
Try setting this property:
idp.authn.LDAP.authenticator = bindSearchAuthenticator
--Daniel Fisher
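
Added example (not part of the original message, and not Shibboleth code): a small check that reads an ldap.properties fragment and reports the mismatch described in the reply above, where the authenticator property is commented out while a bindDN is configured. The function names, the finding texts and the sample credential placeholder are assumptions made for this illustration; the rules come only from this thread.

```python
# Added example: rules below are taken from this thread only.
PREFIX = "idp.authn.LDAP."
DEFAULT_AUTHENTICATOR = "anonSearchAuthenticator"  # in effect when the property is commented out
SEARCH_AUTHENTICATORS = ("anonSearchAuthenticator", "bindSearchAuthenticator")

# Constructed sample mirroring the quoted configuration (credential is a placeholder).
SAMPLE_BROKEN = """\
#idp.authn.LDAP.authenticator = anonSearchAuthenticator
idp.authn.LDAP.baseDN = ou=users,ou=system
#idp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.bindDN = uid=admin,ou=system
idp.authn.LDAP.bindDNCredential = PLACEHOLDER
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "#idp.authn.LDAP.authenticator = anonSearchAuthenticator",
    "idp.authn.LDAP.authenticator = bindSearchAuthenticator")

def parse_properties(text):
    """Return only the active (uncommented) key/value pairs."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # a commented-out property is not set
        key, sep, value = line.partition("=")  # split on the first '=' so DN values survive
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_ldap_authn(text):
    """Return (effective authenticator, list of findings)."""
    props = parse_properties(text)
    authenticator = props.get(PREFIX + "authenticator", DEFAULT_AUTHENTICATOR)
    has_bind_dn = bool(props.get(PREFIX + "bindDN"))
    findings = []
    if authenticator == "anonSearchAuthenticator" and has_bind_dn:
        findings.append("bindDN is set but unused: the DN search runs anonymously")
    if authenticator == "bindSearchAuthenticator" and not has_bind_dn:
        findings.append("bindSearchAuthenticator selected but bindDN is not set")
    if authenticator in SEARCH_AUTHENTICATORS:
        for key in ("baseDN", "userFilter"):
            if not props.get(PREFIX + key):
                findings.append(key + " is not set but search DN resolution uses it")
    return authenticator, findings

if __name__ == "__main__":
    for name, sample in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, lint_ldap_authn(sample))
```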