
...

title/opt/shibboleth-idp/conf/ldap.properties
# LDAP authentication configuration, see authn/ldap-authn-config.xml

## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
#idp.authn.LDAP.authenticator                   = anonSearchAuthenticator
idp.authn.LDAP.authenticator                = bindSearchAuthenticator

## Connection properties ##
idp.authn.LDAP.ldapURL                          = ldap://<ip ou hostname do LDAP>:389
idp.authn.LDAP.useStartTLS                    = false
#idp.authn.LDAP.useStartTLS                  = true
#idp.authn.LDAP.useSSL                         = false
#idp.authn.LDAP.connectTimeout             = 3000

## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
#idp.authn.LDAP.sslConfig                       = certificateTrust
## If using certificateTrust above, set to the trusted certificate's path
# tem q ficar descomentado pq e' usado algures
idp.authn.LDAP.trustCertificates                = %{idp.home}/credentials/ldap-server.crt
## If using keyStoreTrust above, set to the truststore path
# idem
idp.authn.LDAP.trustStore                       = %{idp.home}/credentials/ldap-server.truststore

## Return attributes during authentication
## NOTE: this is not used during attribute resolution; configure that directly in the
## attribute-resolver.xml configuration via a DataConnector's <dc:ReturnAttributes> element


# Nao sei ao certo o que isto faz. Talvez seja necessario definir todos os
# atributos possiveis aqui, e a filtragem e' feita no attribute-filter.xml.
#idp.authn.LDAP.returnAttributes                 = cn,businessCategory,mail
idp.authn.LDAP.returnAttributes              = sAMAccountName,mail,sn,cn,displayName,givenName,telephoneNumber

## DN resolution properties ##
# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
# for AD: CN=Users,DC=example,DC=org
idp.authn.LDAP.baseDN                           = dc=corp,dc=fccn,dc=pt
idp.authn.LDAP.subtreeSearch              = true
idp.authn.LDAP.userFilter                       = (sAMAccountName={user})
idp.authn.LDAP.bindDN                           = user_ldap@corp.fccn.pt

# Format DN resolution, used by directAuthenticator, adAuthenticator
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
# isto estava descomentado mas nao sei se/como se configura
#idp.authn.LDAP.dnFormat                         = uid=%s,ou=people,dc=example,dc=org
idp.authn.LDAP.dnFormat                        = sAMAccountName=%s,dc=corp,dc=fccn,dc=pt

# LDAP attribute configuration, see attribute-resolver.xml
idp.attribute.resolver.LDAP.ldapURL             = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.baseDN              = %{idp.authn.LDAP.baseDN}
idp.attribute.resolver.LDAP.bindDN              = %{idp.authn.LDAP.bindDN}
idp.attribute.resolver.LDAP.bindDNCredential    = %{idp.authn.LDAP.bindDNCredential}
idp.attribute.resolver.LDAP.useStartTLS         = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates   = %{idp.authn.LDAP.trustCertificates}
idp.attribute.resolver.LDAP.searchFilter  = (sAMAccountName=$requestContext.principalName)
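Review bot: Both the user passwords and the `bindDN` password travel in cleartext with this configuration: the `ldapURL` line points at `ldap://…:389` and `idp.authn.LDAP.useStartTLS = false` is set explicitly, and the resolver's `%{idp.authn.LDAP.useStartTLS:true}` inherits that `false`, because the `:true` default only applies when the property is unset. Unless the directory genuinely cannot offer TLS, the pair `idp.authn.LDAP.useStartTLS = true` (or `idp.authn.LDAP.useSSL = true` with an `ldaps://` URL) plus an uncommented `idp.authn.LDAP.sslConfig = certificateTrust` would both encrypt the binds and make the `trustCertificates` entry actually verify the server certificate. Separately, `idp.authn.LDAP.dnFormat` is set to a DN-style `sAMAccountName=%s,dc=corp,dc=fccn,dc=pt` although the file's own comment recommends the `%s@domain` UPN form for AD; it is not used by `bindSearchAuthenticator`, so it should either be corrected or commented out so it cannot become a misleading fallback later. The resolver `searchFilter` uses the `$requestContext.principalName` form; newer IdP releases expect `$resolutionContext.principal`, so confirm it against the deployed version before relying on it. The Portuguese comments on `trustCertificates`, `trustStore`, `returnAttributes` and `dnFormat` record open questions rather than decisions and would be clearer in English, e.g. `# must stay uncommented: referenced by the attribute-resolver properties below`.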

...