Which characters are not supported by Shibboleth in passwords?

Peter Schober peter.schober at univie.ac.at
Tue May 28 06:32:41 EDT 2019

* Felix Leesty <fleesty at bfs.de> [2019-05-28 12:08]:
> I can't find a ldapwhoami command or the conf/ldap.properties but the
> configuration in conf/login.config looks like this:

An "ldapwhoami" command would be supplied by the OpenLDAP client
libraries which I assued would be present on a server accessing an
OpenLDAP server. Those should be just an "apt install ldap-utils" away
(since UCS is based on Debian, AFAIK) but never mind.

The conf/ldap.properties file was meant to be relative to your IDP's
installation directory, by default that's /opt/shibboleth-idp, making
the full path /opt/shibboleth-idp/conf/ldap.properties
If you don't have that file you're not even running a current IDP
version, I guess. If you're still running IDPv2 you will know that the
project stopped supporting that and stopped issueing Security
Advisories years ago:

So first I'd make sure you're running a support version of the
software, currently that's IDP 3.4.4

Then I'd consider switching from JAAS to the built-in LDAP support.


More information about the users mailing list