IdP 3.2.1 Ldap problem

Negib A. Sherif aa8288 at wayne.edu
Thu Feb 4 11:11:19 EST 2016


Hey Daniel,
I tried JAAS for authentication, porting my 2.x DataConnector, and got the following error when attempting to log in to the remote LDAP. Any hint to fix the error below? Eventually, I want to stick with the LDAP authentication built into v3.

2016-02-04 10:47:56,091 - ERROR [net.shibboleth.idp.saml.profile:-2] - Uncaught runtime exception
java.lang.NullPointerException: null
        at javax.naming.NameImpl.<init>(NameImpl.java:283)
2016-02-04 10:47:56,097 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: RuntimeException


I have commented out the ...LDAP.baseDN config lines from the following files. Otherwise, I keep getting a baseDN error.

root at ShibIdP:/opt/shibboleth-idp# grep -R "LDAP.baseDN" conf/*
conf/attribute-resolver.xml
conf/authn/ldap-authn-config.xml
conf/ldap.properties


________________________________
From: users <users-bounces at shibboleth.net> on behalf of Daniel Fisher <dfisher at vt.edu>
Sent: Wednesday, February 3, 2016 4:38 PM
To: Shib Users
Subject: Re: IdP 3.2.1 Ldap problem

On Wed, Feb 3, 2016 at 3:07 PM, Negib A. Sherif <aa8288 at wayne.edu> wrote:

exit; which is fine. uid is not duplicated and the two LDAPs are unique, not a failback. This is what I have on 2.x and it works perfectly. Right now, I am just trying to make it work with IdP 3.2.1 and the remote LDAP, and come back to add the local LDAP.

You can port this configuration directly to v3 if you are willing to continue using JAAS for authentication. If you want to use the LDAP authentication built into v3 (which is what your logs indicate you are using) let me know and I'll provide some more details.




    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldaps://A.wayne.edu:636"
        principal="cn=remote-cn-name,ou=system groups,ou=groups,dc=wayne,dc=edu"
        principalCredential="password"
        lowercaseAttributeNames="true">
        <dc:FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>
        <dc:ReturnAttributes>uid</dc:ReturnAttributes>
        <ConnectionPool minPoolSize="3"/>
    </resolver:DataConnector>


This configuration should continue to work in v3. You can define properties in ldap.properties and put them in your configuration if that helps your deployments. Note that the default properties assume a single directory or multiple directories with the same configuration, so you'll need to define additional properties for your use case.

--Daniel Fisher
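As an added illustration of the property-driven layout Daniel describes (example config written for this page, not from the thread or from the Shibboleth distribution): each directory gets its own property set in conf/ldap.properties, and a separate LDAPDirectory connector in conf/attribute-resolver.xml references that set, so the remote and local directories no longer have to share the single default idp.attribute.resolver.LDAP.* values. The `.remote.` and `.local.` property names, the baseDN values and the local-directory URL and bind DN are assumptions; the bind DN and filter for the remote directory are taken from the v2 connector quoted above. Note that in v3 the filter template variable is `$resolutionContext.principal` rather than v2's `$requestContext.principalName`.

```xml
<!-- Added example for IdP 3.2.x (not from the thread). Property names under
     idp.attribute.resolver.LDAP.remote.* and .local.* are an assumption: they
     are not IdP defaults, so each one must be defined in conf/ldap.properties.

     conf/ldap.properties additions (baseDN values and the local directory
     are assumptions; replace the credential placeholders with real values):

     idp.attribute.resolver.LDAP.remote.ldapURL          = ldaps://A.wayne.edu:636
     idp.attribute.resolver.LDAP.remote.baseDN           = dc=wayne,dc=edu
     idp.attribute.resolver.LDAP.remote.bindDN           = cn=remote-cn-name,ou=system groups,ou=groups,dc=wayne,dc=edu
     idp.attribute.resolver.LDAP.remote.bindDNCredential = CHANGE-ME
     idp.attribute.resolver.LDAP.remote.searchFilter     = (uid=$resolutionContext.principal)
     idp.attribute.resolver.LDAP.remote.returnAttributes = uid

     idp.attribute.resolver.LDAP.local.ldapURL           = ldaps://local-ldap.example.org:636
     idp.attribute.resolver.LDAP.local.baseDN            = ou=people,dc=example,dc=org
     idp.attribute.resolver.LDAP.local.bindDN            = cn=idp-reader,ou=system,dc=example,dc=org
     idp.attribute.resolver.LDAP.local.bindDNCredential  = CHANGE-ME
     idp.attribute.resolver.LDAP.local.searchFilter      = (uid=$resolutionContext.principal)
     idp.attribute.resolver.LDAP.local.returnAttributes  = uid mail
-->

<!-- Remote directory: same bind DN and filter as the v2 connector, but every
     value comes from its own property set instead of being inlined here. -->
<resolver:DataConnector id="remoteLDAP" xsi:type="dc:LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="%{idp.attribute.resolver.LDAP.remote.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.remote.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.remote.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.remote.bindDNCredential}"
    lowercaseAttributeNames="true">
    <dc:FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.remote.searchFilter}
        ]]>
    </dc:FilterTemplate>
    <dc:ReturnAttributes>%{idp.attribute.resolver.LDAP.remote.returnAttributes}</dc:ReturnAttributes>
    <ConnectionPool minPoolSize="3"/>
</resolver:DataConnector>

<!-- Local directory: identical shape, different property set. -->
<resolver:DataConnector id="localLDAP" xsi:type="dc:LDAPDirectory"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    ldapURL="%{idp.attribute.resolver.LDAP.local.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.local.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.local.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.local.bindDNCredential}"
    lowercaseAttributeNames="true">
    <dc:FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.local.searchFilter}
        ]]>
    </dc:FilterTemplate>
    <dc:ReturnAttributes>%{idp.attribute.resolver.LDAP.local.returnAttributes}</dc:ReturnAttributes>
    <ConnectionPool minPoolSize="3"/>
</resolver:DataConnector>
```

Keeping both bind credentials in conf/ldap.properties, readable only by the account the IdP runs as, also removes the password the v2 connector embedded directly in attribute-resolver.xml. Every property a connector references must exist, since an unresolved `%{...}` placeholder fails at startup rather than falling back to an empty value.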


