My AD guys are restructuring OUs and user placement which is going to affect my AD service account. At present I am running IDP v3.4.4 using a JAAS config going against AD. Following the directions when
I set this up earlier in the year I set the following values
In an effort not to have to make these changes in the future I switched the bindDN value to the UPN value of my AD service account and things seem to work during testing on my dev IDP. Since the value is
supposed to be a DN, I am wondering what other admins have done?
My second question - In my ldap.properties and ldap.properties.pool I have configured “idp.authn.LDAP.authenticator = adAuthenticator”. As such my understanding is that there is no need to search for the
user’s DN because the IDP accepts the user@domain format for authentication. Is it necessary to have credentials configured in the bindDN and bindCredential for authentication? Also, can my AD DataConnector in my attribute-resolver.xml file resolve attributes
based on the user that it has authenticated?
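As an added illustration (not part of the thread, and not the poster's configuration), the ldap.properties settings the two questions refer to, as they appear in a Shibboleth IdP 3.4 install. The host, domain, base DN, service account name and password are placeholders; the separation into an authentication section and an attribute-resolver section reflects the property names the IdP ships with, which is the distinction the second question is asking about.

```properties
# Added example, not from the thread. Placeholder values throughout.

# Authentication: adAuthenticator binds to AD as the user being
# authenticated, using dnFormat to build the user@domain name, so no
# search for the user's DN is made during login.
idp.authn.LDAP.authenticator = adAuthenticator
idp.authn.LDAP.ldapURL = ldaps://ad.example.org:636
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.dnFormat = %s@example.org

# Attribute resolution: the LDAP DataConnector in attribute-resolver.xml
# runs its search under the identity configured here, not under the
# authenticated user, so the service account bind is still needed.
# The documented form of bindDN is a distinguished name; the poster's
# observation that AD also accepts a UPN here is not something the IdP
# documentation defines. Keep this account read-only and scoped to the
# attributes the IdP actually releases.
idp.attribute.resolver.LDAP.ldapURL = ldaps://ad.example.org:636
idp.attribute.resolver.LDAP.baseDN = DC=example,DC=org
idp.attribute.resolver.LDAP.bindDN = CN=svc-idp,OU=Service Accounts,DC=example,DC=org
idp.attribute.resolver.LDAP.bindDNCredential = placeholder-password
idp.attribute.resolver.LDAP.searchFilter = (userPrincipalName=$resolutionContext.principal@example.org)
```

The searchFilter above matches on userPrincipalName so that the principal the authenticator produces lines up with the attribute lookup; a filter on sAMAccountName works the same way if the login name is entered without the domain suffix.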
* Christopher Bland <[hidden email]> [2019-11-14 19:57]:
> My AD guys are restructuring OUs and user placement which is going
> to affect my AD service account. At present I am running IDP v3.4.4
> using a JAAS config