config memberOf in idpv4
Lohr, Donald
lohrda at jmu.edu
Wed May 6 17:24:05 UTC 2020
In most LDAP products, if you look at the user's account, you can see an
attribute that contains the groups they are a member of.
Many LDAP products treat that user attribute as an operational attribute
and not a normal attribute. If you do an ldapsearch against a user, you
might have to use something like the following after your "(cn=test01)"
search filter:
"+" "*"
The "+" returns the operational attributes and the "*" returns all
normal attributes. Normally, if you don't ask for any attributes to be
returned, that's the same as "*".
Of course, the LDAP server will only return the attributes that the -D
(bind account) has access to see.
In my opinion, why search all of the groups for the logging in user,
when you can search the user for their memberships - it's easier,
especially if your LDAP service does not have a common group container.
Don
On 5/6/20 10:45 AM, leosimon wrote:
> No one has overcome this scenario?
> Please someone help
>
>
>
> --
> Sent from: https://urldefense.proofpoint.com/v2/url?u=https-3A__shibboleth.1660669.n2.nabble.com_Shibboleth-2DUsers-2Df1660767.html&d=DwICAg&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=Pa2DB88IW_s2TyLfktHtWA&m=zVFJsEnjy022pLJQUMfR3n-TkK9sIzL5kbiNB5WkGkw&s=ZjcABm63E0wL4L4cY5ng3mtMhIoTskBdNKP4XQ003qo&e=
--
Donald Lohr
Information Systems
James Madison University
540.568.3730
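
The attribute-selection behaviour described in the message above, as an added example that is not part of the original post: a small offline model of how a server picks attributes for "*", "+", an empty list and an explicit name. The entry, its values and the `readable` ACL stand-in are constructed assumptions.

```python
# Model of LDAP search attribute selection: RFC 4511 section 4.5.1.8,
# plus the "+" selector from RFC 3673. No server is contacted.

# Constructed entry. memberOf is filed as operational, the case the post describes.
ENTRY = {
    "user": {"cn": ["test01"], "mail": ["test01@example.org"]},
    "operational": {
        "memberOf": ["cn=staff,ou=groups,dc=example,dc=org"],
        "createTimestamp": ["20200506172405Z"],
    },
}


def select_attributes(entry, requested, readable=None):
    """Return the attributes a search would yield for the requested list.

    readable is a hypothetical stand-in for server ACLs: the set of lowercase
    attribute names the bind account may read, or None for no restriction.
    """
    user, oper = entry["user"], entry["operational"]
    by_name = {name.lower(): name for name in (*user, *oper)}
    chosen = {}
    for item in requested or ["*"]:      # an empty list means the same as "*"
        if item == "*":                  # all user (normal) attributes
            chosen.update(user)
        elif item == "+":                # all operational attributes
            chosen.update(oper)
        elif item.lower() in by_name:    # explicit name, matched case-insensitively
            name = by_name[item.lower()]
            chosen[name] = user[name] if name in user else oper[name]
    if readable is not None:             # the server drops what the bind DN cannot read
        chosen = {k: v for k, v in chosen.items() if k.lower() in readable}
    return chosen


if __name__ == "__main__":
    for attrs in ([], ["+", "*"], ["memberOf"]):
        print(attrs, "->", sorted(select_attributes(ENTRY, attrs)))
    print("restricted ->", sorted(select_attributes(ENTRY, ["+", "*"], {"cn", "mail"})))
```

A search that names only the membership attribute returns just that attribute, which keeps the result small when group membership is all that is needed.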