Unable to get memberOf (OpenLDAP, using memberof overlay)
Simon Lundström
simlu at su.se
Wed Dec 11 04:57:39 EST 2019
How is your IDP authenticating against your LDAP-servers? At all?
Did you authenticate when using ldapsearch?
Does `ldapsearch -h ldap.domain.tld -x mail=michael.stevens at boku.com
memberof` give you the results you want?
It might be an ACL issue.
BR,
- Simon
On Wed, 2019-12-11 at 00:43:25 +0100, Stevens, M wrote:
>The first examples are from ldapsearch. If I specify "* +" with ldapsearch, I
>get user attributes and operational attributes, the latter including
>"memberOf" data.
>
>If I use "* +" in IDP/ReturnAttributes, I get user attributes and
>operational attributes ... but no memberOf.
>
>I have IDP logging set to debug, and can clearly see it returning 15 user
>attributes when I only include "*" in ReturnAttributes, and 25 user and
>operational attributes when I use "* +" in ReturnAttributes. I've tried
>explicitly including memberOf in ReturnAttributes, but it has no effect.
>
>Hopefully that's clear ... for whatever reason, ldapsearch thinks "memberOf"
>is an operational attribute, the IDP doesn't appear to.