LDAP Error Code Messaging
Lille M
lillemacdoe at gmail.com
Wed Nov 7 15:36:08 EST 2018
Thanks Daniel!
Below is the ldap.properties file (scrubbed).
idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldaps://example.com
idp.authn.LDAP.baseDN = ou=PEOPLE,dc=example,dc=com
idp.authn.LDAP.people.baseDN = ou=PEOPLE,ou=ORG,dc=id,dc=example,dc=com
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.dnFormat = uid=%s,ou=PEOPLE,ou=ORG,dc=id,dc=example,dc=com
idp.authn.LDAP.bindDN = uid=idp3,dc=example,dc=com
idp.authn.LDAP.bindDNCredential = scrubbed
# new in IdP 3.2.x
#idp.attribute.resolver.LDAP.returnAttributes = displayName,mail,uid
# TLS false as ELDAP on SSL with recognized CA
idp.authn.LDAP.useStartTLS = false
# As we are not setting trustCertificates/trustStore, switch the sslConfig to point to jvmTrust to avoid errors for broken references....
idp.authn.LDAP.sslConfig = jvmTrust
# Time in milliseconds that connects will block
idp.authn.LDAP.connectTimeout = PT10S
# Time in milliseconds to wait for responses
idp.authn.LDAP.responseTimeout = PT10S
# LDAP pool configuration, used for both authn and DN resolution
idp.pool.LDAP.minSize = 3
idp.pool.LDAP.maxSize = 10
idp.pool.LDAP.validateOnCheckout = false
idp.pool.LDAP.validatePeriodically = true
idp.pool.LDAP.validatePeriod = PT5M
idp.pool.LDAP.prunePeriod = PT5M
idp.pool.LDAP.idleTime = PT10M
idp.pool.LDAP.blockWaitTime = PT3S
idp.pool.LDAP.failFastInitialize = false
# Translating to the attribute-resolver.XML files -- as this may be different from the auth config
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout}
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.people.baseDN = %{idp.authn.LDAP.people.baseDN}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN}
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential}
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates}
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
On Tue, Nov 6, 2018 at 1:31 PM Daniel Fisher <dfisher at vt.edu> wrote:
> On Tue, Nov 6, 2018 at 4:03 PM Lille M <lillemacdoe at gmail.com> wrote:
>
>> >Did you wire the authentication response handler to the authenticator?
>> I hadn't, I am not 100% sure where to do so.
>>
>
> Can you share your ldap.properties file?
>
> --Daniel Fisher