LDAP DN parameter in attribute-resolver.xml IDPv4 file

Cantor, Scott cantor.2 at osu.edu
Mon Nov 15 18:46:29 UTC 2021

On 11/15/21, 1:39 PM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:

>    (Unless I misunderstood the question.)

One of us did. My interpretation was that it's not possible for whatever reason after authentication to do searches for attributes using just the canonical principal name, and so the DN had to be obtained explicitly out of the results of authentication.

But now that I write that out....that doesn't make sense. If that were the requirement, then the right answer would be to make the DN string the canonical principal name for the IdP.

So you're right...if you can search the directory, then....search the directory for the DN.

-- Scott
