Nastavenie LDAP bez šifrovaného pripojenia

idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = false
idp.authn.LDAP.returnAttributes = uid
idp.authn.LDAP.baseDN = ou=users,dc=example,dc=com 
idp.authn.LDAP.userFilter = (uid={user}) # User search filter
idp.authn.LDAP.bindDN = uid=admin,ou=system # This is the connection base
idp.authn.LDAP.bindDNCredential = <admin password> # Enter the password here
idp.authn.LDAP.dnFormat = uid=%s,ou=users,dc=example,dc=com

vim /opt/shibboleth-idp/credentials/secrets.properties

# Default access to LDAP authn and attribute stores. 
idp.authn.LDAP.bindDNCredential              = ###IDPUSER_PASSWORD###
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}

vim /opt/shibboleth-idp/conf/ldap.properties

The idp.attribute.resolver.LDAP.exportAttributes list MUST contains the attribute chosen for the persistent-id generation (idp.persistentId.sourceAttribute)

idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://ldap.example.org:389
idp.authn.LDAP.useStartTLS = false
# List of attributes to request during authentication
idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
idp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.bindDN = cn=idpuser,ou=system,dc=example,dc=org
# The userFilter is used to locate a directory entry to bind against for LDAP authentication.
idp.authn.LDAP.userFilter = (uid={user})
 
# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
idp.attribute.resolver.LDAP.ldapURL             = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout      = %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout     = %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN              = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN              = %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.useStartTLS         = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates   = %{idp.authn.LDAP.trustCertificates:undefined}
# The searchFilter is used to find user attributes from an LDAP source.
idp.attribute.resolver.LDAP.searchFilter        = (uid=$resolutionContext.principal)
# List of attributes produced by the Data Connector that should be directly exported as resolved IdPAttributes without requiring actual Attribute Definitions
idp.attribute.resolver.LDAP.exportAttributes    = ### List space-separated of attributes to retrieve from the director