Get list of groups in which user has membership in shibboleth with openLDAP

Peter Schober peter.schober at univie.ac.at
Tue May 3 15:04:32 EDT 2016


* Chaitanya Kumar Ch <chaitu381923 at gmail.com> [2016-05-03 17:36]:
> I tried to get the list of groups of a user by following
> https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples
> 
> but I am getting an error in idp-process.log, as distinguishedName always
> returns nothing.

Maybe also look at the OpenLDAP memberOf overlay, exposing "virtual"
group membership attributes in the user object, effectively creating
zero-maintenance "forward referencing" groups.

Then each application that wants to know what groups user X is a
member of will find those as memberOf attribute values in the user
object, and doesn't have to go hunt through group objects carrying the
user's DN as attribute. (Those are useful, too, of course, to quickly
answer a different question, i.e., what are the members of group A?)
-peter
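
The overlay suggested above, as an added example that is not part of the original message: an OpenLDAP cn=config fragment that enables memberOf. The entry names `cn=module{0}` and `olcDatabase={1}mdb` are assumptions about the local slapd layout; the group object class and attribute names are the overlay's defaults.

```ldif
# Added example; apply with ldapmodify against cn=config.
# ASSUMPTION: the module list lives in cn=module{0},cn=config.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

# ASSUMPTION: the user/group tree is served by olcDatabase={1}mdb.
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
# Group entries whose membership is tracked (overlay default).
olcMemberOfGroupOC: groupOfNames
# Attribute in the group entry that lists member DNs (overlay default).
olcMemberOfMemberAD: member
# Attribute written into the user entry (overlay default).
olcMemberOfMemberOfAD: memberOf
# Keep memberOf values in step when a group is renamed or deleted,
# so a user entry does not keep pointing at a group that is gone.
olcMemberOfRefInt: TRUE
# Reject a group write that names a member DN with no entry behind it,
# instead of silently accepting it (other values: ignore, drop).
olcMemberOfDangling: error

# Notes for whoever consumes the attribute:
# - The overlay only acts on group writes made after it is enabled.
#   Groups that already exist must be re-written (for example, member
#   values removed and re-added) before users show memberOf values.
# - memberOf is an operational attribute. A search that asks for "*"
#   or for no attributes does not return it; the client must request
#   memberOf by name in its list of attributes to return.
```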

