Reading groups membership in Shibboleth 4.0.1
Daniel Fisher
dfisher at vt.edu
Tue Dec 1 16:17:06 UTC 2020
On Tue, Dec 1, 2020 at 10:35 AM Feinstein, Moses <moses.feinstein at touro.edu>
wrote:
>
> <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
>     ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
>     baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
>     principal="%{idp.attribute.resolver.LDAP.bindDN}"
>     principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
>     useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}"
>     connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
>     trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
>     responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
>     exportAttributes="%{idp.attribute.resolver.LDAP.returnAttributes}">
>
>     <FilterTemplate>
>         <![CDATA[
>             %{idp.attribute.resolver.LDAP.searchFilter}
>         ]]>
>     </FilterTemplate>
>
>     <ConnectionPool
>         minPoolSize="%{idp.pool.LDAP.minSize:3}"
>         maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
>         blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
>         validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
>         validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
>         validateDN="%{idp.pool.LDAP.validateDN:}"
>         validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
>         expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
> </DataConnector>
>
I believe you need to add a <ReturnAttributes /> element to your
DataConnector which includes the operational attribute.
--Daniel Fisher