Two dataconnectors (openldap and AD)

Vignesh, Vanna G. vignesh at
Wed May 13 18:05:47 EDT 2015

This is what I see in idp logs.

17:57:47.108 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] - Bind with the following parameters:
17:57:47.108 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   authtype = simple
17:57:47.108 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:76] -   dn = ********
17:57:47.109 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:83] -   credential = <suppressed>
17:57:47.118 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:163] - Error connecting to LDAP URL: ldap://*****
javax.naming.CommunicationException: ****.local:389
        at com.sun.jndi.ldap.Connection.<init>( ~[na:1.6.0_31]
        at com.sun.jndi.ldap.LdapClient.<init>( ~[na:1.6.0_31]

From: Vignesh, Vanna G.
Sent: Wednesday, May 13, 2015 5:56 PM
To: users at
Subject: Two dataconnectors (openldap and AD)

I have an openldap data connector which works fine.  I am trying to write another dc for active directory just to pull the groups from AD of the authenticated users. Openldap is used for authentication.
First, I am getting a CommunicationException error.  Error connecting to LDAP URL: ldap://    javax.naming.CommunicationException: edu:389. I also see javax.naming.PartialResultException: Unprocessed Continuation Reference. Here is my dc. Should I use dependency as openldap?
  <resolver:DataConnector id="mytestAD" xsi:type="LDAPDirectory"
        ldapURL=" ldap:// "


Where else should I define the samAccountName? The principal name of openldap is uid and principal name of AD is samaccountname. How would I tie it together to return all the group names of the user from AD?

To return the groups of the authenticated user from another dataconnector, AD, should I use the following attribute definition? i.e. passing MemberOf to isMemberOf.

<resolver:AttributeDefinition id="isMemberOf" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="mytestAD" />
        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:" friendlyName="isMemberOf" />
</resolver:AttributeDefinition>
