idp.authn.LDAP.authenticator = aggregateAuthenticator ← ldap-authn-config.xmlに追加したclass="org.ldaptive.auth.Authenticator"のbeanのnameに変更
## Connection properties ##
idp.authn.LDAP.ldapURL = LDAPサーバ1のURL ← 変更
idp.authn.LDAP.ldapURL2 = LDAPサーバ2のURL ← 追加
idp.authn.LDAP.useStartTLS = true
idp.authn.LDAP.useStartTLS2 = true
#idp.authn.LDAP.useSSL = false
#idp.authn.LDAP.connectTimeout = 3000
## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
idp.authn.LDAP.sslConfig = certificateTrust ↓ 追加(certificateTrustかkeyStoreTrustを指定する際はldap-authn-config.xmlに追加したLDAPサーバ2用のclass="org.ldaptive.ssl.SslConfig" のbeanのidを指定)
idp.authn.LDAP.sslConfig2 = certificateTrust2 ← 追加
## If using certificateTrust above, set to the trusted certificate's path
idp.authn.LDAP.trustCertificates = LDAPサーバ1の証明書 ← 変更
idp.authn.LDAP.trustCertificates2 = LDAPサーバ2の証明書 ← 追加
## If using keyStoreTrust above, set to the truststore path
idp.authn.LDAP.trustStore = LDAPサーバ1のキーストア ← 変更
idp.authn.LDAP.trustStore2 = LDAPサーバ2のキーストア ← 追加
(省略)
# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
# for AD: CN=Users,DC=example,DC=org
idp.authn.LDAP.baseDN = LDAPサーバ1のBaseDN ← 変更
idp.authn.LDAP.baseDN2 = LDAPサーバ2のBaseDN ← 追加
idp.authn.LDAP.subtreeSearch = true
idp.authn.LDAP.userFilter = (LDAPサーバ1の検索キー={user}) ← 変更
idp.authn.LDAP.userFilter2 = (LDAPサーバ2の検索キー={user}) ← 追加
# bind search configuration
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
idp.authn.LDAP.bindDN = LDAPサーバ1のBindDN ← 変更
idp.authn.LDAP.bindDN2 = LDAPサーバ2のBindDN ← 追加
idp.authn.LDAP.bindDNCredential = LDAPサーバ1のBindDNパスワード ← 変更
idp.authn.LDAP.bindDNCredential2 = LDAPサーバ2のBindDNパスワード ← 追加
(省略)
# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.ldapURL2 = %{idp.authn.LDAP.ldapURL2} ← 追加
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.baseDN2 = %{idp.authn.LDAP.baseDN2:undefined} ← 追加
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.bindDN2 = %{idp.authn.LDAP.bindDN2:undefined} ← 追加
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
idp.attribute.resolver.LDAP.bindDNCredential2 = %{idp.authn.LDAP.bindDNCredential2:undefined} ← 追加
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.useStartTLS2 = %{idp.authn.LDAP.useStartTLS2:true} ← 追加
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.trustCertificates2 = %{idp.authn.LDAP.trustCertificates2:undefined} ← 追加
idp.attribute.resolver.LDAP.searchFilter = (LDAPサーバ1の検索キー=$resolutionContext.principal) ← 変更
idp.attribute.resolver.LDAP.searchFilter2 = (LDAPサーバ2の検索キー=$resolutionContext.principal) ← 追加
idp.attribute.resolver.LDAP.returnAttributes = cn,homephone,mail
|