Shibboleth IdP and Apache Directory Services
Lohr, Donald A - lohrda
lohrda at jmu.edu
Mon Aug 24 00:33:39 UTC 2020
LDAP is LDAP. Over the years our Shibboleth IdP has been configured to use 4 different vendor's LDAP product.
The bind account and password, search base, the acls granted to the bind account so it can see users/groups & their attribute data, the search filter and etc are all important elements to have properly configured. Use any command line ldapsearch tool as a way to test what your shibboleth bind account can see. Also look in your Shibboleth logs folder which can lead you what your issue might be.
I use OpenLDAP's command line ldapsearch, ldapmodify and etc tools. Here's an example:
ldapsearch -x -LLL -h apacheLDAPserver.nitssolutions.com<http://apacheLDAPserver.nitssolutions.com> -p 389 -D cn=shibBindAccount,ou=utilityaccounts,dc=nitssolutions,dc=com -W -Z -b ou=users,dc=nitssolutions,dc=com "(cn=yourLoginID)"
Change syntax accordingly for your environment.
D o n a l d L o h r
I n f o r m a t i o n S y s t e m s
J a m e s M a d i s o n U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
On Aug 23, 2020, at 3:40 PM, Amit Dongaonkar <amitd at nitssolutions.com<mailto:amitd at nitssolutions.com>> wrote:
Wondering if any one has attempted to integrate Shibboleth IdP 3.4 with Apache DS ?
I am able to make Shibboleth talk with Apache DS but it is not able to find any users in the DS even though users are created in the DS.
Thanks and Regards,
Snr. Technical Architect Lead
o: (248) 284-4035 m: (248) 385-6033
40850 Grand River Ave #100, Novi, MI 48375
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=G_lStGYnvHEwhFdhkvaqInDp01V9Rm5IozgtsxrUiI0&s=nGosFOeiF_P4PCMrsUqh7yKND4w5klhWqNj6Ci3S5_Q&e=
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users