Matrix Version: 5.2.3.0
We have a page on our website that we only allow users to view if they have logged in. For authentication we are using the LDAP Bridge and we are using Active Directory.
Our AD admin tells use that there is extra attributes in AD that contain their student ID. We want to expose that student ID on the logged in page.
Is it possible to have Matrix show other AD attributes as keywords?
Looks like using the LDAP Data Source might be the key here? Any tips on what filter query to use? I basically want to query to just find one user by username.
One thing to note here, Nic⌠if you need to use a particular LDAP user attribute, the LDAP bridgeâs bind user must have that attribute applied to it, and that attribute canât be empty on the bind user either.
Thanks, this is very good to know. One thing, our LDAP admin said to try (samaccountname=nnhubbard) for my search filter, but noting comes up in Matrix where as it does for him just doing a LDAP search.
Would the different be here the context of our LDAP Bridge?
Iâm not sure what search filter you mean here, Nic. If you want to output an LDAP attribute of the current user, as far as I know you should just use this keyword:
https://matrix.squiz.net/manuals/ldap/chapters/ldap-users#Keyword-Replacement-for-LDAP-Users
You must have ticked âDisplayâ for that attribute in the LDAP User Setup screen of the bridge, though:
https://matrix.squiz.net/manuals/ldap/chapters/ldap-user-setup-screen
Thatâs where the bind userâs attributes come in - the LDAP User Setup screen only shows the non-empty attributes of the bind user, so if the bind user doesnât have the attribute you want it canât be displayed and you canât use the keyword.
Oh, I see.
I donât think you should need any LDAP data source assets to show the current userâs attributes. Just use the %globals_user_attribute_<attribute>% keyword I linked above.
I had our LDAP admin check, and our bind user has many many attributes, all of which do not show up in the LDAP Bridge under âLDAP User Setupâ.
Any ideas why this would be? We are stumped.
Are the attributes populated with values? I recall from an earlier thread that the LDAP User Setup screen didnât show attributes with no value set.
the service credential must have some value in the field, we put âxâ in each.
Are you saying our Bind DN user should have a âservice credentialâ attribute? Our LDAP admin said it doesnât have this.
Sorry for not having clarified clear.
For example. If you need to populate the attribute of description, the description field in the Bind DN CANNOT be empty.
Yes, we have MANY attributes that are not empty, but none of them show up in the LDAP User Setup screen.
Humm, this sounds strange. We populate employeeID and studentID etc without any issue. Maybe you start investigation with permission, try login as the bind user to see if the attribute are visible?
Also a question to Squiz if there is a upper limit of the number of the attributes?
Just an additional note, I am able to get user attributes when using ldapsearch in the shell, but not sure that is helpful to knowâŚ