Synch with Rel_1_3.

[java-idp.git] / src / conf / resolver.ldap.xml

<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonNickname">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonOrgUnitDN">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonOrgDN">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        
        <!-- To use these attributes, you should change the smartScope value to match your site's domain name. -->
        <!--
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="shibdev.edu">
                <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
        </SimpleAttributeDefinition>

        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName" smartScope="shibdev.edu">
        <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        -->
        
        
        <!-- Example persistent id attribute.  Since this configuration is permanent, some thought is required before 
                deploying in  production. -->    
        <!--
        <SAML2PersistentID id="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" sourceName="guid">
                <DataConnectorDependency requires="echo"/>
                <Salt keyStorePath="file:///usr/local/shibboleth-idp/etc/persistent.jks" keyStoreKeyAlias="handleKey" keyStorePassword="shibhs" keyStoreKeyPassword="shibhs"/>
        </SAML2PersistentID>
        -->
        
        
        <!--Examples of common ldap-based attributes -->
        <!--
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:cn">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:sn">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:telephoneNumber">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:title">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:initials">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:description">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:carLicense">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:departmentNumber">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:displayName">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:employeeNumber">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:employeeType">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:preferredLanguage">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:manager">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:roomNumber">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:seeAlso">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:facsimileTelephoneNumber">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:street">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:postOfficeBox">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:postalCode">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:st">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:givenName">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:l">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:businessCategory">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:ou">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        
        <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:physicalDeliveryOfficeName">
                <DataConnectorDependency requires="directory"/>
        </SimpleAttributeDefinition>
        -->


        <JNDIDirectoryDataConnector id="directory">
                <Search filter="cn=%PRINCIPAL%">
                        <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
                </Search>
                <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
                <Property name="java.naming.provider.url" value="ldap://ldap.example.edu/dc=example,dc=edu" />
                <Property name="java.naming.security.principal" value="cn=admin,dc=example,dc=edu" />
                <Property name="java.naming.security.credentials" value="examplepw" />
        </JNDIDirectoryDataConnector>
        
        
        <!-- An example of how to do a simple ldap bind over SSL -->
        <!-- 
        <JNDIDirectoryDataConnector id="directorySecure">
                <Search filter="cn=%PRINCIPAL%">
                        <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
                </Search>
                <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
                <Property name="java.naming.provider.url" value="ldap://ldap.example.edu:636/dc=example,dc=edu" />
                <Property name="java.naming.security.protocol" value="ssl" />
                <Property name="java.naming.security.principal" value="cn=admin,dc=example,dc=edu" />
                <Property name="java.naming.security.credentials" value="examplepw" />
        </JNDIDirectoryDataConnector>
        -->
        
        
        <!-- An example of how to setup ldap with connection pooling -->
        <!-- 
        <JNDIDirectoryDataConnector id="directoryPooled">
                <Search filter="cn=%PRINCIPAL%">
                        <Controls searchScope="SUBTREE_SCOPE" returningObjects="false" />
                </Search>
                <Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
                <Property name="java.naming.provider.url" value="ldap://ldap.example.edu/dc=example,dc=edu" />
                <Property name="com.sun.jndi.ldap.connect.pool" value="true" />
                <Property name="com.sun.jndi.ldap.connect.pool.initsize" value="5" />
                <Property name="com.sun.jndi.ldap.connect.pool.prefsize" value="5" />
                <Property name="com.sun.jndi.ldap.connect.pool.authentication" value="none simple DIGEST-MD5" />
                <Property name="com.sun.jndi.ldap.connect.pool.protocol" value="plain ssl" />
        </JNDIDirectoryDataConnector>
        -->

</AttributeResolver>