login fields

Peter Schober peter.schober at univie.ac.at
Wed Jul 24 12:51:17 EDT 2019

* shibboleth <isis96160 at gmail.com> [2019-07-24 17:49]:
> idp.authn.LDAP.userFilter = |(uid={user})(employeeNumber={user})
> the problem with this approach is that there's a really tiny chance of
> returning two users and since I'm trying  to migrate to shibboleth my DB
> already has existing users.
> So my question is what's is the best approach to give the user the option to
> login with the username or the numberID?Is this possible?

Is it guaranteed that both will map to the same subject (do they
belong to the sam person)? If so does it matter which DN the search
would return (do they contain the same data/attributes)?

> I'm going to need two Dn's right?! one for the username and other
> for the numberID

I don't know whether that's correct or whether you'd get an error.

If your data is such that not exactly one result is returned I guess
you'd either have to fix the data or avoid that appoach.

More information about the users mailing list