SV: Multiple ldap
Kicic Sakib
Sakib.Kicic at smhi.se
Tue Oct 29 07:57:11 EDT 2019
Thanks for your reply!
I will try with those links.
Regards,
-----Ursprungligt meddelande-----
Från: users [mailto:users-bounces at shibboleth.net] För Peter Schober
Skickat: den 29 oktober 2019 11:19
Till: users at shibboleth.net
Ämne: Re: Multiple ldap
* Peter Schober <peter.schober at univie.ac.at> [2019-10-29 11:10]:
> * Kicic Sakib <Sakib.Kicic at smhi.se> [2019-10-29 09:00]:
> > But this is actually not a CAS question but rather how I can enable
> > shibboleth to work with two separate AD domains.
>
> If you're doing SPNEGO (as you said earlier) I guess this is a
> question for your Kerberos server?
This is documented here:
https://wiki.shibboleth.net/confluence/display/IDP30/SPNEGOAuthnConfiguration
There is no LDAP here as part of the authentication process, though.
If OTOH you're doing password authentication (since you wrote "ldap"
in the subject of your post) the documentation for that is here:
https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration#PasswordAuthnConfiguration-GeneralConfiguration
E.g. when using password authentication and the IDP's native LDAP
support the documentation for using multiple LDAP DSA is here:
https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration#LDAPAuthnConfiguration-MultipleDirectories
An alternative for password-based authentcation in the IDP using LDAP
is the JAAS support which is documented here and allows you to stack
multiple LDAP servers in various combinations (JAAS "flags"):
https://wiki.shibboleth.net/confluence/display/IDP30/JAASAuthnConfiguration
-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list