LDAPConnector aggregate matching DNs?
Brent Putman
putmanb at georgetown.edu
Fri Aug 7 17:13:54 UTC 2020
On 8/7/20 12:04 PM, Zach Hanson-Hart wrote:
> Hello list!
>
> I have a use case to grab the DNs of all of the matching entries on
> an LDAPConnector. These are groups with membership containing the
> principalName from the requestContext, but the users do not have
> entries in the directory. It is an OpenLDAP directory. I've tried
> various things for ReturnAttributes, like 1.1, dn, distinguishedName
> just as a shot in the dark.
>
> The entries have objectClass organizationalUnit and eduMember. I
> have no problem getting the OU of the entries as an IDP attribute and
> releasing it. But I can't get DNs 🙁
>
Since it's OpenLDAP you can probably take advantage of operational
attributes. Specify "+" in ReturnAttributes (in addition to whatever
other attribs you want), and you should see it return entryDN as a
regular attribute of each returned object. See:
https://wiki.shibboleth.net/confluence/display/IDP4/ReturnAttributes
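
The suggestion in the reply above, sketched as an IdP v4 attribute-resolver fragment. This is an added example, not part of the original post and not the poster's configuration. The ids, LDAP URL, base DN, bind DN, `maxResultSize` value and the `hasMember` filter are assumptions; only the "+" in ReturnAttributes, the `ou` attribute and `entryDN` come from the thread.

```xml
<!-- Added example. Connector id, URL, DNs and filter are placeholders. -->
<DataConnector id="groupLDAP" xsi:type="LDAPDirectory"
    ldapURL="ldaps://ldap.example.org"
    baseDN="ou=groups,dc=example,dc=org"
    principal="cn=idp-reader,dc=example,dc=org"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    maxResultSize="50">
    <!-- Assumed filter: group entries whose membership lists the principal.
         The thread does not say which membership attribute is used. -->
    <FilterTemplate>
        <![CDATA[
            (&(objectClass=eduMember)(hasMember=$resolutionContext.principal))
        ]]>
    </FilterTemplate>
    <!-- Space-delimited list. "+" requests all operational attributes, which
         on OpenLDAP includes entryDN; "ou" is the regular attribute already
         being released. Naming entryDN here in place of "+" would ask for
         that one operational attribute only (assumption: not tested against
         the poster's directory). -->
    <ReturnAttributes>+ ou</ReturnAttributes>
</DataConnector>

<!-- Hypothetical IdP attribute carrying the DN of each matching entry. -->
<AttributeDefinition id="groupDN" xsi:type="Simple">
    <InputDataConnector ref="groupLDAP" attributeNames="entryDN"/>
</AttributeDefinition>
```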