Multiple User Filters

Robert Duncan Robert.Duncan at ncirl.ie
Fri Apr 15 08:14:36 EDT 2016


..of course, thanks Peter, it works as expected now

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Friday, April 15, 2016 1:08 PM
To: users at shibboleth.net
Subject: Re: Multiple User Filters

* Robert Duncan <Robert.Duncan at ncirl.ie> [2016-04-15 14:02]:
> I want to do the same for 3.4.1 in ldap.properties
>
> idp.authn.LDAP.userFilter= (sAMAccountName={user},
> userPrincipalName=(user))
>
> but I get - failed using
> filter=[org.ldaptive.SearchFilter at -1949206318::filter=(sAMAccountName=
> {user}, userPrincipalName=(user)), parameters={user=the_user
>
> Probably I need a logical OR in the userFilter. Has anyone configured
> this?

If what you enter into the properties file becomes an LDAP search filter you'd need to enter a valid LDAP search filter string. The spec (RFC4515) has examples: https://tools.ietf.org/html/rfc4515#section-4
So from your use-case something like:
(|(sAMAccountName={user})(userPrincipalName={user}))

Note that you had "{user}" once, and "(user)" the second time.
-peter
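
Added example, not part of the original thread or of Shibboleth/ldaptive: a small Python checker for a subset of the RFC 4515 filter grammar (no extensible match), run over the two filter strings from the thread, plus RFC 4515 value escaping. The helper names and the `render` stand-in for the `{user}` substitution are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: these characters must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a user-supplied string for use as an RFC 4515 assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

# Simple item: attribute description, operator, value without raw parentheses or NUL.
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*[~<>]?=(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i = s[i], i + 1
        count = 0
        while i < len(s) and s[i] == "(":   # each operand is itself a full filter
            i = _parse(s, i)
            count += 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"bad operand count for '{op}'")
    else:
        m = _ITEM.match(s, i)
        if not m:
            raise ValueError(f"bad item at offset {i}")
        i = m.end()
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def is_valid_filter(s):
    """True if s is exactly one well-formed filter in the supported subset."""
    try:
        return _parse(s, 0) == len(s)
    except ValueError:
        return False

def render(template, user):
    """Hypothetical stand-in for parameter substitution: insert the escaped value."""
    return template.replace("{user}", escape_value(user))

# Both strings are copied from the thread above.
BROKEN = "(sAMAccountName={user}, userPrincipalName=(user))"
FIXED = "(|(sAMAccountName={user})(userPrincipalName={user}))"
```

The comma-separated form is rejected because the raw `(` lands inside an assertion value, while the `(|...)` form parses with each alternative as its own parenthesised item.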