Authenticated memberof group

Cantor, Scott cantor.2 at
Tue May 2 19:10:25 EDT 2017

On 5/2/17, 6:36 PM, "users on behalf of Daniel McDonald" <users-bounces at on behalf of daniel.mcdonald at> wrote:

> We'd like to limit who's logging into shibboleth based on not only their 
> password, but if they're in a group as well.

Then why don't you change your LDAP filter in the authentication check to exclude entries that aren't in the group?

> I can return the "memberOf" attribute with a list of the users groups. I 
> hoped that putting this in the ldap search filter would work but it didnt:

That looks like it's from the attribute resolver. How would that impact authentication?

-- Scott

More information about the users mailing list