# Shibboleth IdP LDAP authentication settings (conf/ldap.properties).
# NOTE(review): Java .properties files have no inline-comment syntax - a "# ..." placed
# after a value is read as part of that value - so every comment is kept on its own line.
idp.authn.LDAP.authenticator = bindSearchAuthenticator
# NOTE(review): a plain ldap:// URL on 389 with both StartTLS and SSL disabled sends the
# bind credential below, and every authenticating user's password, across the network in
# cleartext. Enable useStartTLS (or useSSL with an ldaps:// URL) and set
# idp.authn.LDAP.trustCertificates to the directory's CA before putting this in front of users.
idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = false
# Attributes returned with the authenticated entry.
idp.authn.LDAP.returnAttributes = uid
idp.authn.LDAP.baseDN = ou=users,dc=example,dc=com
# User search filter; {user} is replaced by the submitted username.
# NOTE(review): confirm the IdP's LDAP library escapes filter metacharacters in {user} -
# this value is built from end-user input.
idp.authn.LDAP.userFilter = (uid={user})
# This is the connection base: the account the IdP binds as to run the user search.
# NOTE(review): uid=admin,ou=system looks like a directory administrator account; a
# dedicated read-only service account (this guide uses cn=idpuser elsewhere) limits the
# impact if the IdP host or this file is exposed.
idp.authn.LDAP.bindDN = uid=admin,ou=system
# Enter the password here
# NOTE(review): keep the real value out of ldap.properties; this guide stores
# idp.authn.LDAP.bindDNCredential in credentials/secrets.properties instead.
idp.authn.LDAP.bindDNCredential = <admin password>
# NOTE(review): dnFormat is presumably only consulted by a direct-bind authenticator; with
# bindSearchAuthenticator the DN comes from the userFilter search - confirm and drop if unused.
idp.authn.LDAP.dnFormat = uid=%s,ou=users,dc=example,dc=com
# Open the IdP secrets file; the LDAP bind password (idp.authn.LDAP.bindDNCredential)
# is set here rather than in conf/ldap.properties.
vim /opt/shibboleth-idp/credentials/secrets.properties
# Default access to LDAP authn and attribute stores.
# NOTE(review): ###IDPUSER_PASSWORD### is a placeholder for the password of the bind
# account named by idp.authn.LDAP.bindDN; replace it here, in credentials/secrets.properties,
# not in conf/ldap.properties, and keep this file readable only by the IdP service user.
idp.authn.LDAP.bindDNCredential = ###IDPUSER_PASSWORD###
# The attribute resolver reuses the authn bind credential. ":undefined" is the placeholder
# default, so an unset authn property resolves to the literal string "undefined".
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
# Open the IdP LDAP configuration; the bind password itself stays in
# credentials/secrets.properties, not in this file.
vim /opt/shibboleth-idp/conf/ldap.properties
The idp.attribute.resolver.LDAP.exportAttributes list MUST contain the attribute chosen for persistent-id generation (idp.persistentId.sourceAttribute).
# Shibboleth IdP LDAP settings (conf/ldap.properties): authentication first, then the
# attribute resolver connection, which inherits most values from the authn properties.
idp.authn.LDAP.authenticator = bindSearchAuthenticator
# NOTE(review): a plain ldap:// URL on 389 with StartTLS disabled sends the bind credential
# and every user's password in cleartext. This single value is also inherited by
# idp.attribute.resolver.LDAP.useStartTLS below, so attribute lookups are unprotected too;
# set it to true and configure idp.authn.LDAP.trustCertificates before going live.
idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
idp.authn.LDAP.useStartTLS = false
# List of attributes to request during authentication
# NOTE(review): presumably used for password-expiry warnings; verify the directory
# actually publishes these attributes or they are silently absent.
idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
# NOTE(review): with subtreeSearch off the user search presumably covers only the entries
# directly under baseDN - confirm this matches the directory layout.
idp.authn.LDAP.subtreeSearch = false
# Dedicated service account the IdP binds as; its password lives in
# credentials/secrets.properties, so no bindDNCredential is set in this file.
# NOTE(review): grant it read access to the people tree only.
idp.authn.LDAP.bindDN = cn=idpuser,ou=system,dc=example,dc=org
# The userFilter is used to locate a directory entry to bind against for LDAP authentication.
# {user} is replaced by the submitted username.
idp.authn.LDAP.userFilter = (uid={user})
# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
# The ":PT3S" / ":undefined" / ":true" suffixes are placeholder defaults used only when the
# referenced authn property is not set anywhere.
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
# NOTE(review): the ":true" default never applies here because idp.authn.LDAP.useStartTLS
# is explicitly set to false above; the resolver connection therefore runs in cleartext.
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
# NOTE(review): idp.authn.LDAP.trustCertificates is not set in this snippet, so this
# resolves to "undefined"; it only matters once StartTLS or SSL is enabled.
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
# The searchFilter is used to find user attributes from an LDAP source.
# $resolutionContext.principal is the authenticated principal name.
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
# List of attributes produced by the Data Connector that should be directly exported as resolved IdPAttributes without requiring actual Attribute Definitions
# NOTE(review): the value below is a placeholder to be replaced with the attribute list; it
# must include the attribute named by idp.persistentId.sourceAttribute. The placeholder
# text is cut off at the end of this excerpt.
idp.attribute.resolver.LDAP.exportAttributes = ### List space-separated of attributes to retrieve from the director