Flatten out nested ADS groups with Shibboleth IDP

Robert Rust robert.j.rust at uwrf.edu
Wed Mar 4 18:13:10 EST 2020

    From: "Bickel, David" <jdbickel at iu.edu>
    To: Shib Users <users at shibboleth.net>
    Subject: Flatten out nested ADS groups with Shibboleth IDP
    Hello fellow shibboleth IDP users,

    Does the newer IDP 3.4.6+ have a better way to retrieve and flatten nested ADS groups from Active Directory? The process documented in this legacy post https://shibboleth.1660669.n2.nabble.com/AD-nested-groups-td7634561.html uses several deprecated pieces like "mergeResults". I appreciate any guidance on a better way to accomplish this task.
I would be interested in any ideas for improving nested group lookup behavior as well. I'm not using mergeResults but otherwise my connector looks substantially similar. I'm currently battling issues with group lookups timing out periodically, which I'm sure is LDAP load related, but my Shib servers aren't distributing the load particularly well and I haven't come up with a way to load balance AD comfortably yet in the particular environment where these servers live.

