Ldap nested Groups membership not working as expected

Armando Martins armando.mart1s at gmail.com
Fri Jun 11 09:30:42 UTC 2021

Hi Matthew,

I also thought about that. That's why i have done the query with
ldapsearch  :

ldapsearch -x -LLL -h "myldapserver" -b 'dc=example,dc=com' -D
'uid=myroaccount,ou=users,o=services,dc=example,dc=com' -w mypassword
uid=testuser distinguishedName
dn: uid=testuser,ou=users,dc=example,dc=com

So, the answer is yes. The distinguishedName attribute is exposed by

Le ven. 11 juin 2021 à 10:55, Matthew Slowe via users <users at shibboleth.net>
a écrit :

> > On 11 Jun 2021, at 09:42, Armando Martins <armando.mart1s at gmail.com>
> wrote:
> >
> > i'm trying to set up Ldap nested groups on my Shibboleth 4.1.2 but it
> seems that the value of $distinguishedName.get(0) is never replaced by the
> attribute resolved by my dependent LDAP DataConnector.
> This may sound like a stupid question, but does OpenLDAP actually expose a
> distinguishedName attribute? It should show up in the IdP debug logs after
> the LDAP search if it does.
> --
> Matthew Slowe (GPG: 0x6BE0CF7D04600314)
> Senior Technical Consultant and Support specialist - Trust & Identity, Jisc
> Team: 0300 300 2212, option 2
> Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net

Armando Martins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210611/0e5c7b7b/attachment.htm>

More information about the users mailing list