[External] Re: LDAPConnector aggregate matching DNs?

Zach Hanson-Hart zach at temple.edu
Fri Aug 7 17:32:38 UTC 2020

This is perfect.  Thank you!

From: Brent Putman <putmanb at georgetown.edu>
Sent: Friday, August 7, 2020 1:13 PM
To: Shib Users <users at shibboleth.net>; Zach Hanson-Hart <zach at temple.edu>
Subject: [External] Re: LDAPConnector aggregate matching DNs?

On 8/7/20 12:04 PM, Zach Hanson-Hart wrote:
Hello list!

I have a use case to grab the DNs of all of the matching entries on an LDAPConnector.  These are groups with membership containing the principalName from the requestContext, but the users do not have entries in the directory.  It is an OpenLDAP directory.  I've tried various things for ReturnAttributes, like 1.1, dn, distinguishedName just as a shot in the dark.

The entries have objectClass organizationalUnit and eduMember.  I have no problem getting the OU of the entries as an IDP attribute and releasing it.  But I can't get DNs 🙁

Since it's OpenLDAP you can probably take advantage of operational attributes.  Specify "+" in ReturnAttributes (in addition to whatever other attribs you want), and you should see it return entryDN as a regular attribute of each returned object.  See:

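An added example, not part of the original thread and not the Shibboleth project's own configuration: an attribute-resolver fragment that applies the "+" suggestion above and exposes the entryDN of every matching group entry. It assumes IdP V3.4 or later syntax; the connector and attribute ids, the base DN, the `hasMember` filter attribute, the result limit and the use of the `idp.attribute.resolver.LDAP.*` properties are all assumptions.

```xml
<!-- Added example. All ids, DNs and the filter attribute are assumed values. -->
<DataConnector id="groupLDAP" xsi:type="LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="ou=groups,dc=example,dc=org"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    maxResultSize="50"
    multipleResultsIsError="false">

    <!-- Match group entries that list the authenticated principal as a member.
         hasMember is assumed here; use whichever membership attribute the
         directory actually populates. -->
    <FilterTemplate>
        <![CDATA[
            (&(objectClass=eduMember)(hasMember=$resolutionContext.principal))
        ]]>
    </FilterTemplate>

    <!-- "ou" is the user attribute already being released; "+" asks OpenLDAP
         for operational attributes, which include entryDN. -->
    <ReturnAttributes>ou +</ReturnAttributes>
</DataConnector>

<!-- Values from all matching entries are merged, so this attribute carries
     one entryDN value per matching group. -->
<AttributeDefinition id="groupDN" xsi:type="Simple">
    <InputDataConnector ref="groupLDAP" attributeNames="entryDN"/>
</AttributeDefinition>
```

Because "+" also returns other operational attributes of each entry, reference only `entryDN` in attribute definitions so that nothing else reaches the attribute filter.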