Reading groups membership in Shibboleth 4.0.1
Daniel Fisher
dfisher at vt.edu
Mon Nov 30 22:11:15 UTC 2020
On Mon, Nov 30, 2020 at 10:01 AM Feinstein, Moses <moses.feinstein at touro.edu>
wrote:
>
>
> Below configuration works, if I substitute “isMemberOf” in attribute
> resolver with any other attribute (displayName for example), however for
> some reason it is unable to read “isMemberOf”, it returns nothing for the
> group membership even though the user is a member of the group
> (cn=testgroup,ou=Groups,dc=example,dc=org).
>
>
>
> Since “isMemberOf” is part of operational attributes, I am not sure if
> there is anything else that needs to be configured on Shibboleth side.
>
>
>
> Am I missing something in my configuration below to be able to read
> operational attribute “isMemberOf” from the LDAP?
>
What does your DataConnector configuration look like? Assuming the
permissions are correct, requesting isMemberOf specifically is all you need
to do.
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20201130/f72c8bba/attachment.htm>
More information about the users
mailing list