JAAS configuration needed for SearchDnResolver
Bickel, David
jdbickel at iu.edu
Wed May 22 22:08:31 EDT 2019
Hi all,
I am wondering if anyone has any advice for us in wiring up the jaas-authn-config.xml and jaas.config to use the SearchDNResolver? I have a Guest system with accounts in an Active Directory where the user-known identifier is "mail". So I am attempting to use the ldaptive SearchDNResolver using userFilter="(mail={user})" to resolve the proper DN.
Recent attempts have ended in failure; my last one used PooledSearchDNResolver, with the attempted code noted below. I appreciate any advice that can be provided.
Thanks,
--David
ShibUserPassAuth {
    org.ldaptive.jaas.LdapLoginModule required
        ldapUrl="ldaps://eads.iu.edu:636"
        baseDn="ou=Accounts,dc=eads,dc=iu,dc=edu"
        bindDN="cn=<shibcredential>,ou=Accounts,dc=eads,dc=iu,dc=edu"
        bindCredential="file:/opt/secret/bind.credential"
        useSSL="true"
        credentialConfig="{trustCertificates=file:/opt/shibboleth-idp/credentials/ldap-server.pem}"
        userFilter="(mail={user})"
        dnResolver="org.ldaptive.auth.PooledSearchDnResolver"
        authenticationHandler="org.ldaptive.auth.PooledBindAuthenticationHandler"
        cacheId="ldaptive-pooled";
};
-----------------------------------------
J. David Bickel
Identity Management Systems
Indiana University
(812) 855-6346
jdbickel at iu.edu
-----------------------------------------
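
Added example, not part of the original post and not Shibboleth or ldaptive code: a small pre-deployment check for a jaas.config entry, following the documented JAAS syntax in which each option value is a double-quoted string and the option list ends with ';'. It assumes one option per line and no escaped quotes inside values; the entry name and values in the sample are constructed.

```python
import re
# Assumptions (not from the post): one option per line, no escaped quotes in values.
FLAGS = {"required", "requisite", "sufficient", "optional"}
CURLY = "\u201c\u201d\u2018\u2019"   # typographic quotes left by mail clients and editors
OPTION = re.compile(r"^([A-Za-z_][\w.]*)=(.*)$")

def lint_jaas(text):
    """Return [(line_number, message)] for one JAAS login configuration."""
    findings, in_entry, in_module = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if not in_entry:                       # expect "<EntryName> {"
            in_entry = line.endswith("{")
            if not in_entry:
                findings.append((no, "expected '<EntryName> {'"))
        elif line == "};":                     # end of the entry
            if in_module:
                findings.append((no, "module options not terminated with ';'"))
            in_entry = in_module = False
        elif not in_module:                    # expect "<LoginModule class> <flag>"
            parts = line.rstrip(";").split()
            if len(parts) == 2 and parts[1].lower() in FLAGS:
                in_module = not line.endswith(";")
            else:
                findings.append((no, "expected '<LoginModule class> <flag>'"))
        else:                                  # expect key="value"; ';' ends the list
            m = OPTION.match(line.rstrip(";"))
            if not m:
                findings.append((no, "expected key=\"value\""))
            elif any(q in m.group(2) for q in CURLY):
                findings.append((no, f"{m.group(1)}: typographic quote, use ASCII \""))
            elif not re.fullmatch(r'"[^"]*"', m.group(2)):
                findings.append((no, f"{m.group(1)}: value is not a double-quoted string"))
            in_module = not line.endswith(";")
    if in_entry:
        findings.append((no, "entry not closed with '};'"))
    return findings

# Constructed sample (hypothetical entry name and values) with two deliberate mistakes.
SAMPLE = """\
ExampleAuth {
  org.ldaptive.jaas.LdapLoginModule required
    bindCredential=\u201dplaceholder\u201d
    userFilter="(mail={user})"
    cacheId=example-pool;
};
"""
print(lint_jaas(SAMPLE))
```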