PSGITech

LDAP Query

I am in the process of setting up an SSO with SAML. It's asking me for an LDAP attribute for an LDAP query that can query my AD for account name. Any idea what that would be?
ASKER CERTIFIED SOLUTION
Mike Kline
(&(objectCategory=person)(objectclass=User)(samaccountname=*)) will query the user account with samaccount name

You can use CN, UPN or mail for querying users.
You'll probably need to configure settings similar to this:
Search Scope: subtree
Search base: dc=yourdomain,dc=com
Depending on how you tell it what query to use, it may need something like this: (&(samaccountname=%s)(objectClass=user))

Use samaccountname if you want the users to use their username; use userprincipalname if you want them to use (what is usually) their email address.
Post a screenshot of the screen that's asking you the question.
Would be easier to find the correct answer.

Or maybe this link will help:
http://en.wikipedia.org/wiki/SAML_2.0
For LDAP search in SAML, refer to this link:

http://lists.forgerock.org/pipermail/openam/2011-December/004202.html

Hope this helps,

Regards,
Prem
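
An added example, not part of any answer in the thread: the `(&(samaccountname=%s)(objectClass=user))` filter quoted above takes the login name in place of `%s`, so the value has to be escaped per RFC 4515 before substitution, otherwise characters such as `*` or `)` change what the filter matches. The function names, the `email` template (the same filter with userprincipalname) and the sample logins are assumptions made for this sketch.

```python
# Added example: RFC 4515 escaping for the %s placeholder in an AD user filter.
# Names and sample inputs are constructed for illustration.

FILTER_TEMPLATES = {
    # Filter quoted in the thread.
    "username": "(&(samaccountname=%s)(objectClass=user))",
    # Assumed variant: same filter keyed on userprincipalname.
    "email": "(&(userprincipalname=%s)(objectClass=user))",
}

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters replaced by \\XX escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_user_filter(login: str, mode: str = "username") -> str:
    """Weak form: substitutes the login as-is (shown only for comparison)."""
    return FILTER_TEMPLATES[mode] % login


def build_user_filter(login: str, mode: str = "username") -> str:
    """Hardened form: rejects empty input and escapes before substitution."""
    if not login:
        raise ValueError("login must not be empty")
    return FILTER_TEMPLATES[mode] % escape_filter_value(login)


if __name__ == "__main__":
    # Constructed sample logins: a normal name, a wildcard, stray parentheses.
    for sample in ("jdoe", "*", "a)(b"):
        print("input   :", repr(sample))
        print("naive   :", naive_user_filter(sample))
        print("escaped :", build_user_filter(sample))
```

With the naive form a login of `*` yields a presence filter that matches every user object; the escaped form searches for a literal asterisk and matches nothing.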