config memberOf in idpv4

Lohr, Donald lohrda at jmu.edu
Wed May 6 17:24:05 UTC 2020


In most LDAP products, if you look at the user's account you can see an 
attribute that contains the groups they are a member of.

Many LDAP products treat that user attribute as an operational attribute 
and not a normal attribute.  If you do an ldapsearch against a user, you 
might have to use something like the following after your "(cn=test01)" 
search filter:

"+" "*"

The "+" returns the operational attributes and the "*" returns all 
normal attributes.  Normally, if you don't ask for any attributes to be 
returned, that's the same as "*".

Of course, the LDAP server will only return the attributes that the -D 
(bind account) has access to see.

In my opinion, why search all of the groups for the logging-in user 
when you can search the user for their memberships? It's easier, 
especially if your LDAP service does not have a common group container.

Don

On 5/6/20 10:45 AM, leosimon wrote:
> No one has overcome this scenario?
> Please someone help
>
> --
> Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html

-- 
Donald Lohr
Information Systems
James Madison University
540.568.3730
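As an added illustration of the approach Don describes (not code from the post or from the Shibboleth project), the Python below builds the ldapsearch command line that looks up the user entry and asks for both "*" and "+" after the filter, and then parses the LDIF that ldapsearch prints to pull out the memberOf values. The server URI, bind DN, base DN and the sample LDIF are all constructed for the example; the parser handles the two LDIF details that trip up naive grep-based scripts, folded continuation lines and base64-encoded ("::") values.

```python
"""Added example: read a user's group memberships from the user entry itself.

Builds an ldapsearch argv requesting normal ("*") and operational ("+")
attributes, and parses the resulting LDIF for memberOf. The directory names
and the SAMPLE_LDIF below are constructed, not captured from a real server.
"""
import base64
import shlex
import subprocess
from typing import List


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a cn containing ( ) * or \\ would change the filter's meaning.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_ldapsearch_args(uri: str, bind_dn: str, base_dn: str, cn: str) -> List[str]:
    """Return argv for ldapsearch that targets the user entry and asks for '*' and '+'.

    -LLL  plain LDIF, no comments or version line
    -x    simple bind; the -D account only sees attributes its ACLs allow
    -W    prompt for the bind password instead of exposing it in the process list
    """
    return [
        "ldapsearch", "-LLL", "-x", "-H", uri, "-D", bind_dn, "-W",
        "-b", base_dn, f"(cn={escape_filter_value(cn)})", "*", "+",
    ]


def _unfold(ldif_text: str) -> List[str]:
    """Join LDIF continuation lines (a leading single space) onto the line before."""
    lines: List[str] = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_memberof(ldif_text: str) -> List[str]:
    """Return every memberOf value in the LDIF, decoding '::' base64 values."""
    groups: List[str] = []
    for line in _unfold(ldif_text):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "memberof":
            continue  # attribute names are case-insensitive in LDAP
        if value.startswith(":"):
            groups.append(base64.b64decode(value[1:].strip()).decode("utf-8"))
        else:
            groups.append(value.strip())
    return groups


def fetch_memberof(uri: str, bind_dn: str, base_dn: str, cn: str) -> List[str]:
    """Run ldapsearch against a live directory (prompts for the password) and parse it."""
    proc = subprocess.run(
        build_ldapsearch_args(uri, bind_dn, base_dn, cn),
        stdout=subprocess.PIPE, text=True, check=True,
    )
    return parse_memberof(proc.stdout)


# Constructed sample of what "ldapsearch -LLL ... '(cn=test01)' '*' '+'" might print.
_B64_DN = base64.b64encode("cn=équipe,ou=groups,dc=example,dc=edu".encode()).decode()
SAMPLE_LDIF = (
    "dn: cn=test01,ou=people,dc=example,dc=edu\n"
    "cn: test01\n"
    "memberOf: cn=staff,ou=groups,dc=example,dc=edu\n"
    "memberOf: cn=idp-admins,ou=groups,dc=\n"
    " example,dc=edu\n"              # LDIF folds long lines; continuation starts with one space
    f"memberOf:: {_B64_DN}\n"        # non-ASCII values are base64-encoded and marked with '::'
    "modifyTimestamp: 20200506172405Z\n"  # an operational attribute, returned because of '+'
    "\n"
)


if __name__ == "__main__":
    # Example values only; replace with your own URI, bind account and base DN.
    print(shlex.join(build_ldapsearch_args(
        "ldaps://ldap.example.edu", "cn=idp,ou=svc,dc=example,dc=edu",
        "ou=people,dc=example,dc=edu", "test01")))
    for group_dn in parse_memberof(SAMPLE_LDIF):
        print(group_dn)
```

The parsed DNs are what an IdP attribute resolver would see in memberOf; whether the list is complete still depends on the bind account's read rights to that attribute, exactly as Don notes.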
