-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerhard,
You'll want to look at modifying two files in the web frontend - vcl/shibauth/index.php and vcl/.ht-inc/authmethods/shibauth.php. The index.php file calls a function (updateShibGroups) that exists in shibauth.php. You can modify updateShibGroups to create the groups based on whatever information is passed to it. Then, modify index.php to pass the proper information as arguments. If you don't have anyone that can work on this, I can assist if you'll sent the structure of the entitlement attribute as it shows up to php. Josh On Tuesday July 05, 2011, Hartl, Gerhard L. wrote: > All, > > We are attempting to transition from LDAP authentication to Shibboleth > authentication and are having an issue in regards to shib groups. Our > current configuration uses the "ismemberof" ldap attribute to build the > user groups used for privilege assignment. Now that we have setup Shib > authentication, we are being presented with groups created off of the shib > "affiliation" attribute rather than the shib "entitlement" attribute that > represents our "ismemberof" of LDAP. Is there any way to use our shib > "entitlement" attribute to build shib groups? > > - Gerhard > Old Dominion University - -- - ------------------------------- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEARECAAYFAk4TYeMACgkQV/LQcNdtPQNOdQCfVlZlF+virDBKuI+P8DcKnTmC u4AAn0HomIFFHJe1NrHKi28KRCh+R4n5 =JSk2 -----END PGP SIGNATURE-----
