Two different LDAP systems

Jun 18, 2015 at 9:39 PM
Hi,

I'm currently using LDAPCP with ADFS. It is working well.

We are in the process of adding another LDAP (ApacheDS) to ADFS (with Shibboleth as the IdP).

I would like LDAPCP to query ApacheDS directly along with the currently working AD.

I've added a new LDAP and it is working, as in a connection is made and the queries are executed.

My problem is that AD and ApacheDS don't share much in terms of attributes and objectClass. On one side it is
UID=john*
on the other
UserPrincipalName=john*
One is
objectclass=user
and the other is
objectclass=person
My question is: what would be the best way to configure LDAPCP so that it works with both my LDAPs?

Regards,

-homerggg
Jun 22, 2015 at 8:03 PM
OK, we managed to get around part of the problem by adding aliases to our LDAP attributes. So those two filters return the same result:
(&(objectclass=person)(UID=johndoe*))
(&(objectclass=person)(UserPrincipalName=johndoe*))
But that won't work for LDAP classes. I would still appreciate help on that one.

I guess we need a way to easily manipulate the filter so that it looks like
(&(|(objectclass=person)(objectclass=user))(UserPrincipalName=johndoe*))
Is it possible "OOTB"?

Regards,

-homerggg
Coordinator
Jun 23, 2015 at 7:24 AM
Hello,
Unfortunately, with the current design it's impossible: you cannot set different names of LDAP class/attribute per connection (for a given claim type).
Implementing this would require important changes in the code; it's not something that can be done in a simple manner.
Thanks
Yvan
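
The combined filter asked about in this thread, built as a standalone string in Python. This is an added example, not part of the original posts and not LDAPCP code or configuration; the names escape_filter_value and build_filter are hypothetical. It goes beyond the thread in two ways: it also ORs several attribute names, and it escapes the typed value per RFC 4515 so that a literal * or parenthesis in the input cannot change the filter's structure.

```python
import re

# RFC 4515: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Class and attribute names come from configuration; accept plain names only.
_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape user-typed text so it is matched literally by the directory."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _any_of(terms):
    """Wrap several filter terms in (|...); a single term is returned as-is."""
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"


def build_filter(object_classes, attributes, user_input, prefix_match=True):
    """Build one filter that matches any listed class and any listed attribute."""
    if not object_classes or not attributes:
        raise ValueError("at least one object class and one attribute are required")
    for name in list(object_classes) + list(attributes):
        if not _NAME.fullmatch(name):
            raise ValueError("unexpected characters in name: %r" % name)
    # The trailing wildcard is appended after escaping, so it is the only
    # unescaped '*' that can appear in the value.
    value = escape_filter_value(user_input) + ("*" if prefix_match else "")
    class_part = _any_of(["(objectclass=%s)" % c for c in object_classes])
    attr_part = _any_of(["(%s=%s)" % (a, value) for a in attributes])
    return "(&" + class_part + attr_part + ")"


if __name__ == "__main__":
    # Filter from the thread: both classes, one attribute.
    print(build_filter(["person", "user"], ["UserPrincipalName"], "johndoe"))
    # Both classes and both attribute names, for directories without aliases.
    print(build_filter(["person", "user"], ["UID", "UserPrincipalName"], "john"))
    # Constructed input containing filter metacharacters.
    print(build_filter(["person"], ["UID"], "doe (ext)*"))
```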