Which characters are not supported by Shibboleth in passwords?

Peter Schober peter.schober at univie.ac.at
Tue May 28 06:32:41 EDT 2019


* Felix Leesty <fleesty at bfs.de> [2019-05-28 12:08]:
> I can't find a ldapwhoami command or the conf/ldap.properties but the
> configuration in conf/login.config looks like this:

An "ldapwhoami" command would be supplied by the OpenLDAP client
libraries which I assumed would be present on a server accessing an
OpenLDAP server. Those should be just an "apt install ldap-utils" away
(since UCS is based on Debian, AFAIK) but never mind.

The conf/ldap.properties file was meant to be relative to your IDP's
installation directory, by default that's /opt/shibboleth-idp, making
the full path /opt/shibboleth-idp/conf/ldap.properties
If you don't have that file you're not even running a current IDP
version, I guess. If you're still running IDPv2 you will know that the
project stopped supporting that and stopped issuing Security
Advisories years ago:
https://wiki.shibboleth.net/confluence/display/SHIB2/SecurityAdvisories

So first I'd make sure you're running a supported version of the
software, currently that's IDP 3.4.4
https://wiki.shibboleth.net/confluence/display/IDP30/

Then I'd consider switching from JAAS to the built-in LDAP support.

-peter

