Are your usernames distinct in the two trees?

From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Russell Morriss
Sent: 12 March 2010 11:18
To: [log in to unmask]
Subject: Multiple domain LDAP querying - JASIG CAS Shib 2.0 idp

Hello everyone,

I have searched the so far discussed aspects of LDAP (Active Directory) authentication for Shibboleth but haven't encountered the same issue we appear to be having.

We have two separate domains for staff and student. We too have followed the excellent installation instructions from Nottingham Trent utilising JASIG CAS and a separate SQL server database for attribute storage. (Shib 2.0 idp)

http://shibsp.ntu.ac.uk/confluence/display/SHIB2/Windows+IdP+installation

The problem I have encountered is that for one reason or another outside of my control we don't have a global catalogue (:3268) that I can query using one account for binding. At the moment I can only configure it to bind to one or the other; also, by querying on userPrincipalName we either have a .staff.x or a .student.x.

Could anyone suggest how I could query two different LDAP servers with a common set of credentials in such a case, or alternatively how the JASIG CAS configuration could be amended to use two sets of credentials to query two LDAP servers?

I appreciate this may be a network configuration issue so any guidance on adjusting our current setup to accommodate Shib would also be welcomed as I can forward these recommendations on to our network administrator.

Any responses on or off list appreciated.

Thanks,

Russell Morriss
Web Services Manager
Redbridge College
Little Heath, Barley Lane, Romford, RM6 4XT
Tel: 020 8548 7420
Email: [log in to unmask]
Web: www.redbridge-college.ac.uk