Handling account state with OpenLDAP/AD for Shibboleth IdP v4.x

Marco Malavolti marco.malavolti at garr.it
Tue Dec 29 17:28:55 UTC 2020 

Hi to all,

could someone helps me to understand how to configure
"ldap-authn-config.xml" of my new Shibboleth IdP v4.0.1 to handle the
OpenLDAP Account State/Password Policy for the
bindAndSearchAuthenticator and adAuthenticator?

I have seen the property "idp.authn.LDAP.usePasswordPolicy" on
https://wiki.shibboleth.net/confluence/display/IDP4/LDAPAuthnConfiguration#LDAPAuthnConfiguration-Reference
and I have read that "The ldap-authn-config.xml file has changed
dramatically since V3 and is now very short, relying primarily on a
special bean with a hidden parent definition taking a large set of
properties that will generally auto-configure the proper objects."

If the "special bean" is the "shibboleth.LDAPAuthenticationFactory", is
it enough to set it to "true" to enable the password policy overlay
(ppolicy) for my LDAP or I need to do other changes?

I attach also the previous "ldap-authn-config-v3.xml" of my IdP v3.4.8
and the new "ldap-authn-config-v4.xml" provided by the Shibboleth IdP
v4.0.1.

Thank you so much for all your help!

-- 
Marco Malavolti
Consortium GARR - Servizio IDEM GARR AAI
Via dei Tizii, 6 - I-00185 (ROMA)
CF: 97284570583 - PI:07577141000
Mobile: +39 331 608 3639
Skype: marco.mala
PGP KEY: https://keys.openpgp.org/search?q=marco.malavolti@garr.it

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap-authn-config-v3.xml
Type: text/xml
Size: 8927 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20201229/6239c0e4/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap-authn-config-v4.xml
Type: text/xml
Size: 1900 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20201229/6239c0e4/attachment-0001.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4172 bytes
Desc: Firma crittografica S/MIME
URL: <http://shibboleth.net/pipermail/users/attachments/20201229/6239c0e4/attachment.p7s>

More information about the users mailing list