Authenticated memberof group
cantor.2 at osu.edu
Tue May 2 19:10:25 EDT 2017
On 5/2/17, 6:36 PM, "users on behalf of Daniel McDonald" <users-bounces at shibboleth.net on behalf of daniel.mcdonald at umb.edu> wrote:
> We'd like to limit who's logging into shibboleth based on not only their
> password, but if they're in a group as well.
Then why don't you change your LDAP filter in the authentication check to exclude entries that aren't in the group?
> I can return the "memberOf" attribute with a list of the users groups. I
> hoped that putting this in the ldap search filter would work but it didnt:
That looks like it's from the attribute resolver. How would that impact authentication?
More information about the users