config memberOf in idpv4
Peter Schober
peter.schober at univie.ac.at
Sat May 9 08:59:11 UTC 2020
* leosimon <leosimon at digital-nirvana.com> [2020-05-08 21:11]:
> Right now, the memberOf value exports as the whole like,
> cn=group2,ou=groups,dc=example,dc=com
>
> How can I make the filter to convert this value as just
> cn=group1,cn=group2,cn=group3
You probably shouldn't and instead let the IDP assert those as
multiple separate values, so the SP sees them as separate values, too,
and can munge them as needed.
Or are you saying the system(s) consuming that data cannot process
multi-valued attributes and instead insist on recieving data in the
above notation? Given that the above notaton cannot ever be used to
process any LDAP DN values (as the comma used as a separator above is
part of LDAP DN values themselfs, as can be seen in the former example
above) that would be problematic, I think.
-peter
More information about the users
mailing list