Get list of groups in which user has membership in shibboleth with openLDAP

Chaitanya Kumar Ch chaitu381923 at gmail.com
Tue May 3 11:35:26 EDT 2016


Hi,

I tried to get the list of groups of a user by following
https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples

but I am getting an error in idp-process.log, as distinguishedName always
returns nothing.

attribute-resolver.xml:
<!-- get the user's DN from the main LDAP connector (myLDAP) for searching
    the groups the user is in -->
<resolver:AttributeDefinition id="distinguishedName"
    xsi:type="ad:Simple" sourceAttributeID="distinguishedName">
    <resolver:Dependency ref="myLDAP" />
    <!-- no encoder needed -->
</resolver:AttributeDefinition>

<!-- search for all groups the user is recursively in - and flatten the
    distinguishedName(s) of all the groups into a single multivalued attribute -->
<resolver:DataConnector id="groupLDAP" xsi:type="dc:LDAPDirectory"
    ldapURL="ldap://192.XXXXXXXX:389" baseDN="OU=Groups and Resources,DC=test,DC=com"
    principal="CN=admin,DC=test,DC=com" principalCredential="XXXXXXX">
    <resolver:Dependency ref="distinguishedName" />
    <dc:FilterTemplate>
        <![CDATA[
            (member:1.2.840.113556.1.4.1941:=${distinguishedName.get(0)})
        ]]>
    </dc:FilterTemplate>
    <dc:ReturnAttributes>distinguishedName</dc:ReturnAttributes>
    <dc:LDAPProperty name="java.naming.referral" value="follow" />
</resolver:DataConnector>

<!-- define the memberOf attribute based on the distinguishedName attribute
    returned by the groupLDAP connector - names of all groups the user is in -->
<resolver:AttributeDefinition id="memberOf"
    xsi:type="ad:Simple" sourceAttributeID="distinguishedName">
    <resolver:Dependency ref="groupLDAP" />
    <!-- no encoder needed -->
</resolver:AttributeDefinition>

Please help me.

-- 
Thank You,
Chaitanya Kumar Ch,
+91 9550837582
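
The filter in the groupLDAP connector above uses 1.2.840.113556.1.4.1941, Active Directory's LDAP_MATCHING_RULE_IN_CHAIN extended match, which asks the server for every group that contains the given DN directly or through nested groups. The Python below is an added example, not part of the original post or of Shibboleth, that computes the same set client-side, as would be needed against a server that does not implement that rule. The directory contents, DNs and function names are constructed for illustration, and DN comparison is simplified.

```python
from collections import deque

# Constructed sample data (not from the post): group DN -> values of its
# `member` attribute. Members may be users or other groups, and the nesting
# contains a cycle (staff -> engineering -> vpn-users -> staff).
GROUPS = {
    "cn=staff,ou=groups,dc=example,dc=org": [
        "uid=alice,ou=people,dc=example,dc=org",
        "cn=vpn-users,ou=groups,dc=example,dc=org",
    ],
    "cn=engineering,ou=groups,dc=example,dc=org": [
        "cn=staff,ou=groups,dc=example,dc=org",
    ],
    "cn=vpn-users,ou=groups,dc=example,dc=org": [
        "CN=Engineering, OU=Groups, DC=example, DC=org",  # same DN, other spelling
        "uid=bob,ou=people,dc=example,dc=org",
    ],
    "cn=admins,ou=groups,dc=example,dc=org": [
        "uid=carol,ou=people,dc=example,dc=org",
    ],
}


def norm(dn):
    """Simplified DN normalisation: case-fold and trim around RDN separators.
    Assumption: no escaped commas; real matching follows RFC 4517."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def groups_in_chain(user_dn, groups):
    """Return every group DN that contains user_dn directly or transitively."""
    # Reverse index: member DN -> groups that list it directly.
    parents = {}
    for group_dn, members in groups.items():
        for member in members:
            parents.setdefault(norm(member), set()).add(norm(group_dn))

    seen = set()                      # groups already found; also breaks cycles
    queue = deque([norm(user_dn)])
    while queue:
        current = queue.popleft()
        for group in parents.get(current, ()):
            if group not in seen:
                seen.add(group)
                queue.append(group)   # a group may itself be nested in others
    return sorted(seen)


if __name__ == "__main__":
    for dn in groups_in_chain("uid=alice, ou=people, dc=example, dc=org", GROUPS):
        print(dn)
```

The `seen` set is what keeps a circular nesting from looping forever, and it also means every group is released at most once in the resulting multivalued attribute.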