Shibboleth IdP v3.2.1 & LDAP+AD Authentication

[Michael A Grady]

> On May 31, 2016, at 12:16 PM, IAM David Bantz <dabantz at alaska.edu> wrote:
> 
> FWIW, UA has what seems a similar use case (Oracle DSEE LDAP and AD as well) except that we need to fail over to multiple instances of AD.
> 
> David Bantz
> UA OIT IAM
> 
> On Tue, May 31, 2016 at 7:25 AM, Daniel Fisher <dfisher at vt.edu <mailto:dfisher at vt.edu>> wrote:
> On Tue, May 31, 2016 at 11:06 AM, Marco Malavolti <marco.malavolti at garr.it <mailto:marco.malavolti at garr.it>> wrote:
> Someone of you already know a solution for this use case? What I need to do to solve this situation and authenticate the users provided by both directories?
> 
> Can you describe your directory infrastructure? Are we talking about a single instance of OpenLDAP and a single instance of AD?
> 
> --Daniel fisher
> 


There are examples in the Wiki on the following page:

 https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration <https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration>

under DN resolution and Account State, of having more than one. But once you have to start replicating all that config, the advantage versus just going back to using JAAS to configure the multiple sources gets unclear. The JAAS config is simpler, but perhaps doesn't get you all the same account state options -- if you are going to use those. And it sounds like the JAAS options are going to get more flexible with 3.3 when it becomes available.


--
Michael A. Grady
IAM Architect, Unicon, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160531/34129ebd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://shibboleth.net/pipermail/users/attachments/20160531/34129ebd/attachment.sig>