V4 LDAP Authentication

Craig Pluchinsky craigp at iup.edu
Mon Jul 6 14:48:18 UTC 2020 

That's what I was trying to do.  Our config was based off the "authenticating against multiple OUs" in the v3 docs and has worked fine.  I'll read up some more and see if I can get things working.

The ldapURL stuff makes sense now.  I was doing the chaining so we could use different OUs but the same ldapURL property.  I was looking at it from the wrong perspective.

Thanks for the info.



-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
724-357-3327

________________________________
From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>
Sent: Monday, July 6, 2020 10:20 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: V4 LDAP Authentication

On 7/6/20, 10:08 AM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:

> As far as how the code itself behaves within a single link of a chain, if it no longer handles particular settings or
> approaches, that's a bug or an issue to be documented. If it supported multiple URLs in a given LdapAuthenticator
> before, it should now.

Except that I'm fairly certain all the advanced examples in the page are no longer complete, and that's probably what you're trying to do. All of that needs to be updated, but Daniel would have to do that.

The general approach is that if you want to do very advanced things, you have to define your own bean inheriting from  shibboleth.LDAPAuthenticationFactory and you need to inject the result into the LDAPCredentialValidator via p:authenticator-ref="..."

The examples are probably not that far off apart from not showing that, along with not using the parent. The Aggregate DN Resolver example is building a bean called aggregateAuthenticator that is, I think, the top-level object needed to inject into the validator(s) in the chain.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200706/14a4180e/attachment.htm>

More information about the users mailing list