Error validating ldap url and credentials

For example, a URL containing the string "a-" should be accessible to staff only, and a URL containing the string "b-" should be accessible to staff and students.

We have had this working for some time based on OUs in our LDAP - which has been fine, as any students who were also staff (and vice versa) had a separate account for the other login.

It looks like v10.0.1 offers some fairly comprehensive config options for validating specific LDAP attributes, including a field named Role Key: Specifies the name of the attribute in the LDAP database that specifies a user's authorization role. Can you post an anonymized copy of your LDAP Auth config object definition? I've only mentioned the fields we actually have set.

- Name: LDAP-Staff-New
- Remote LDAP Tree: dc=domain,dc=com,dc=a
- Hosts: 1.1.1.1
- Service Port: 636
- LDAP Version: 3
- Search time limit: 30
- Bind time limit: 30
- Filter: staff=1
- Check Host attribute: Enabled
- SSL: Enabled
- Check SSL Peer: Disabled
- Warning Logging: Enabled
- Debug Logging: Disabled

This prompts us for a username/password but authentication will never pass while the filter attribute is set.

I'm also still searching for a solution to create an LDAP configuration to check if a user belongs to a specific group.

Ciao Stefan

EDIT: The AD structure is something like this:

OU=customercode
--OU=Test
---OU=Groups
----CN=group1
----CN=group2
---OU=Users
----CN=user1
----CN=user2
--OU=Prod
---OU=Groups
---OU=Users

btw. Can someone shortly explain the function of the following fields:

- Filter
- Login Attribute
- Check Host Attribute
- Group DN
- Group Member Attribute

What does the profile look like if, for example, the username is "user1" and the group "group1"? Do I need a global Bind DN and password (some administrative user) or is it also possible to use the HTTP credentials themselves for the LDAP authentication?

The user is forced to concern herself with the DN of the user, she can only search for the user's uid, and the search always starts at the root of the tree (the empty path).

A more flexible method would let the user specify the search base, the search filter, and the credentials.

Spring LDAP 1.3.0 introduced new authenticate methods in LdapTemplate that provide this functionality. As described below, some setups may require additional operations to be performed in order for actual authentication to occur.

See Section 10.2, “Performing Operations on the Authenticated Context” for details. You should test how your server setup and authentication schemes behave; failure to do so might result in users being admitted into your system regardless of the DN/credentials supplied.

This attribute is called staff - and will have a value of 1 for any valid staff member.

I have tried to use staff=1 in the filter field on the LDAP configuration however it doesn't allow authentication at all with this set.

Now that we're using single sign-on it needs to look at a specific value on a specific attribute in LDAP to determine if they have staff and/or student level access. On the other hand, Mary Jones is a student and has the attributes 'student=1' and 'staff=0' - she needs to authenticate to b- URLs but not a-.
