Attributes not being release from AD
Daniel Fisher
dfisher at vt.edu
Fri Feb 12 17:53:25 EST 2016
On Fri, Feb 12, 2016 at 4:59 PM, Michael Richter <mrichter at coastal.edu>
wrote:
> Daniel,
>
> I’ve attached a txt file with the full auth requests and responses and
> the attrib resolver request and responses. It looks like I’m searching the
> correct DN with the correct search filter (sAMAccountname=mrichgter) but
> it’s not finding it. Thanks!
>
It's worth noting that the entry resolver used by authentication and the
attribute resolver perform different searches on different baseDns for this
configuration. I don't think that is the problem, just note that one search
is performed on CN=mrichter,OU=CCU, DC=coastal, DC=edu, the other is
performed on OU=CCU, DC=coastal, DC=edu.
Just as a sanity check, I wanted to confirm
a) what version of the IDP are you testing?
b) you turned off pooling for this test?
Change this property:
idp.attribute.resolver.LDAP.returnAttributes = sn,displayName,mail,sAMAccountName
to this
idp.attribute.resolver.LDAP.returnAttributes = sn displayName mail sAMAccountName
--Daniel Fisher