Multiple ldap

Peter Schober peter.schober at
Tue Oct 29 06:18:32 EDT 2019

* Peter Schober <peter.schober at> [2019-10-29 11:10]:
> * Kicic Sakib <Sakib.Kicic at> [2019-10-29 09:00]:
> > But this is actually not a CAS question but rather how I can enable
> > shibboleth to work with two separate AD domains.
> If you're doing SPNEGO (as you said earlier) I guess this is a
> question for your Kerberos server?

This is documented here:
There is no LDAP here as part of the authentication process, though.

If OTOH you're doing password authentication (since you wrote "ldap"
in the subject of your post) the documentation for that is here:

E.g. when using password authentication and the IDP's native LDAP
support the documentation for using multiple LDAP DSA is here:

An alternative for password-based authentcation in the IDP using LDAP
is the JAAS support which is documented here and allows you to stack
multiple LDAP servers in various combinations (JAAS "flags"):


More information about the users mailing list