Shibboleth Native LDAP Authentication and Binding with User Credentials

Ullfig, Roberto Alfredo rullfig at uic.edu
Thu May 10 09:44:59 EDT 2018


Thanks, that worked! On a related note, we have an ldap server (port 636) that has “LDAPTLS_REQCERT=never” set but it appears that the shibboleth IDP always requires a certificate for SSL. Is there any way around that?

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago

From: users <users-bounces at shibboleth.net> On Behalf Of Losen, Stephen C. (scl)
Sent: Wednesday, May 09, 2018 2:59 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Shibboleth Native LDAP Authentication and Binding with User Credentials

Hi,

I was recently doing this very thing myself. You want to use the “directAuthenticator”, and also set the property idp.authn.LDAP.dnFormat; see the wiki for details:

https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration

Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at virginia.edu    434-924-0640

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Nate Klingenstein
Sent: Wednesday, May 09, 2018 3:19 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Shibboleth Native LDAP Authentication and Binding with User Credentials

Roberto,

I assume that by "bind to LDAP using the user's credentials" you mean you do anonymous BINDs.  If so, you can probably use the anonSearchAuthenticator, for which there is indeed a property.

https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration

I don't believe that you'd want to store the user's credentials anywhere if you can avoid it.

Hope this helps,
Nate.

On Wed, May 9, 2018 at 11:59 AM, Ullfig, Roberto Alfredo <rullfig at uic.edu> wrote:
I’m looking at configuring the native shibboleth authentication service but historically we bind to ldap using the user’s credentials (not root or admin). Are those stored in some variable that can be accessed in the bean in authn/ldap-authn-config.xml? Thanks!

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago

