LDAP nested groups membership not working as expected

Peter Schober peter.schober at univie.ac.at
Fri Jun 11 09:39:06 UTC 2021

* Matthew Slowe via users <users at shibboleth.net> [2021-06-11 10:55]:
> > On 11 Jun 2021, at 09:42, Armando Martins <armando.mart1s at gmail.com> wrote:
> > 
> > I'm trying to set up LDAP nested groups on my Shibboleth 4.1.2 but
> > it seems that the value of $distinguishedName.get(0) is never
> > replaced by the attribute resolved by my dependent LDAP
> > DataConnector.
> This may sound like a stupid question, but does OpenLDAP actually
> expose a distinguishedName attribute? It should show up in the IdP
> debug logs after the LDAP search if it does.

Right. The operational attribute provided by OpenLDAP that contains
the full DN of the entry is called "entryDN" (not "distinguishedName").

But IIRC ldaptive can find out the DN itself without having to query
for either operational attribute.

