Univention Bugzilla – Bug 47676
SAML doesn't work with the ldap referral handling in uldap (_handle_referral)
Last modified: 2022-12-21 14:37:03 CET
The LDAP referral handler in uldap.py only does a simple bind, which doesn't work with SAML. As a result, the frontend is stuck in a login loop because the actual SAML login is successful but the simple bind is not.

The referral handling is used, for example, when setting UMC favorites on a slave. See also bug 46516.

Note: changing your own password on slaves works with SAML, because the old password is given and is used for the simple bind.
This prevents teachers from resetting student passwords in multischool environments.
(In reply to Jürn Brodersen from comment #1)
> This prevents teachers to reset student passwords in multischool
> environments.

As long as ldap/master is set right, this is probably something else. There might be something wrong with /etc/ldap/sasl2/slapd.conf on the master.
The actual issue on the initially referenced ticket 2018120421000308 was different (outdated registration of UMC services, fixed by re-downloading IdP metadata). Removing school customer flags, TicketNr, lowering user pain.