A confusing attribute resolver configuration
Wessel, Keith
kwessel at illinois.edu
Wed Oct 21 11:57:01 EDT 2015
Yes, Brendan, that's precisely why it's populated that way. It was used by LDAP clients back in the day, and I'm sure we still have a few Exchange global address list resistors.
Chris, I think you're onto something. GivanNem will never be populated in the LDAP without uiucEduFirstName. So, if uiucEduFirstName is populated, I know the data is coming from the LDAP. That'll do it!
Much appreciated,
Keith
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Christopher Bongaarts
Sent: Wednesday, October 21, 2015 10:39 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: A confusing attribute resolver configuration
On 10/21/2015 10:34 AM, Wessel, Keith wrote:
> I thought I could do a scripted attribute definition to handle this, but since givenName appears in both sources and I don't want to use the one from the campus LDAP, I'm not sure how to tell the script to only use givenName from AD.
Would it be sufficient if the script said "use uiucEduFirstName if
present, otherwise use givenName"?
Otherwise you might be able to play games with the Dependencies...
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list