Seitenhistorie

If you're using LDAPS to connect to your LDAP servers (use of LDAP+STARTTLS shouldn't need anything special) be sure to also follow the steps mentioned in the LDAPonJava>8 documentation in the Shibboleth wiki, i.e. within your conf/ldap.properties config file ensure the following:

• no trailing slash on any of your ldapURL values
• no blanks/spaces in any of the LDAP filters
• set the property to use the UnboundID LDAP provider

The properties file /opt/shibboleth-idp/credentials/secrets.properties by default contains the setting idp.authn.LDAP.bindDNCredential to be used for the password of the administrative account performing LDAP binds. In case you're planning to use the bindSearchAuthenticator authentication strategy in your ldap.properties (with a given idp.authn.LDAP.bindDN) make sure to set the corresponding password for that DN in credentials/secrets.properties!

If OTOH you intend to use the anonSearchAuthenticator in ldap.properties (only anonymous binds will be made to the configured LDAP server/s) be sure to remove the principal and principalCredential XML attributes from your LDAP DataConnector in your /opt/shibboleth-idp/conf/attribute-resolver.xml (as included in our documentation and also in conf/examples/attribute-resolver-ldap.xml).

use the

methods described in our Testing an IDP documentation.