Multiple ldap

Peter Schober peter.schober at univie.ac.at
Tue Oct 29 06:18:32 EDT 2019


* Peter Schober <peter.schober at univie.ac.at> [2019-10-29 11:10]:
> * Kicic Sakib <Sakib.Kicic at smhi.se> [2019-10-29 09:00]:
> > But this is actually not a CAS question but rather how I can enable
> > shibboleth to work with two separate AD domains.
> 
> If you're doing SPNEGO (as you said earlier) I guess this is a
> question for your Kerberos server?

This is documented here:
https://wiki.shibboleth.net/confluence/display/IDP30/SPNEGOAuthnConfiguration
There is no LDAP here as part of the authentication process, though.

If OTOH you're doing password authentication (since you wrote "ldap"
in the subject of your post) the documentation for that is here:
https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration#PasswordAuthnConfiguration-GeneralConfiguration

E.g. when using password authentication and the IDP's native LDAP
support the documentation for using multiple LDAP DSA is here:
https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration#LDAPAuthnConfiguration-MultipleDirectories

An alternative for password-based authentication in the IDP using LDAP
is the JAAS support which is documented here and allows you to stack
multiple LDAP servers in various combinations (JAAS "flags"):
https://wiki.shibboleth.net/confluence/display/IDP30/JAASAuthnConfiguration

-peter
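
An added example, not part of the original post and not taken from the Shibboleth documentation: a JAAS login configuration that stacks two LDAP modules, one per AD domain, to illustrate the JAAS "flags" mentioned above. It assumes the ldaptive JAAS login module shipped with the IdP and the IdP's default login context name ShibUserPassAuth; all hostnames, DNs and credentials are constructed placeholders.

```conf
// Constructed example: two AD domains whose user populations do not overlap.
ShibUserPassAuth {

    // Domain A. "sufficient": if this module authenticates the user,
    // the login succeeds and the modules below are not consulted.
    // If it fails, evaluation continues with the next module.
    org.ldaptive.jaas.LdapLoginModule sufficient
        ldapUrl="ldaps://dc1.a.example.org"
        baseDn="dc=a,dc=example,dc=org"
        subtreeSearch="true"
        userFilter="(sAMAccountName={user})"
        bindDn="cn=idp-svc,ou=service,dc=a,dc=example,dc=org"
        bindCredential="PLACEHOLDER_A";

    // Domain B. Also "sufficient", so a user only has to exist
    // (and present a valid password) in one of the two domains.
    org.ldaptive.jaas.LdapLoginModule sufficient
        ldapUrl="ldaps://dc1.b.example.org"
        baseDn="dc=b,dc=example,dc=org"
        subtreeSearch="true"
        userFilter="(sAMAccountName={user})"
        bindDn="cn=idp-svc,ou=service,dc=b,dc=example,dc=org"
        bindCredential="PLACEHOLDER_B";

    // Marking both modules "required" instead would demand a successful
    // bind in BOTH domains, which fails for every user who exists in
    // only one of them.
};
```

With two "sufficient" modules the order matters when the same username exists in both domains: the password is tried against domain A first, and a failed attempt there still counts against that account's lockout policy before domain B is tried.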

