attributes are not getting released

Pavan K pavanonnet1986 at gmail.com
Tue Aug 16 21:58:28 BST 2011


Here is my LDAP data connector configuration,

<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        ldapURL="ldap://<IP_ADDRESS>:389"
        baseDN="ou=public,dc=abc,dc=com"
        principal="<USER_NAME>"
        principalCredential="<PASSWORD>">
        <dc:FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>
    </resolver:DataConnector>


and here is the log


13:43:54.714 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:308] - Search filter: (uid=<USERNAME>)
13:43:54.714 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:363] - LDAP data connector myLDAP - Retrieving attributes from LDAP
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:73] - Bind with the following parameters:
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] -   authtype = simple
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] -   dn =<USERNAME>
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:82] -   credential = <suppressed>
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:193] - Search with the following parameters:
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:194] -   dn = ou=public,dc=abc,dc=com
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:195] -   filter = (uid=<USERNAME>)
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:196] -   filterArgs = []
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:197] -   searchControls = javax.naming.directory.SearchControls@1c28517
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:198] -   handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@1afe460, edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler@ba8fce, edu.vt.middleware.ldap.handler.BinarySearchResultHandler@3744bc]
13:43:54.730 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute uid containing 0 values
13:43:54.730 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal <USERNAME>
13:43:54.730 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 0 values
13:43:54.730 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal <USERNAME>


On Tue, Aug 16, 2011 at 1:52 PM, Ashok Kumar <ashok.kumar at csueastbay.edu> wrote:

> What does your LDAP data connector entry look like in the resolver.conf file?
>
> Thanks,
> -Ashok
>
>
> On Tue, Aug 16, 2011 at 1:38 PM, Pavan K <pavanonnet1986 at gmail.com> wrote:
>
>> Thank you Ashok. In the logs I am seeing the following messages,
>>
>> Resolved attribute uid containing 0 values
>> 13:31:29.447 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal pavank
>> 13:31:29.447 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 0 values
>> 13:31:29.447 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal pavank
>>
>> I did not understand why it is not getting the value from LDAP. Is there
>> a configuration I am missing?
>>
>> Thank you,
>> Pavan
>>
>>
>> On Tue, Aug 16, 2011 at 1:05 PM, Ashok Kumar <ashok.kumar at csueastbay.edu> wrote:
>>
>>> I think if you see the IdP access logs, they will tell you which attributes
>>> have been resolved and which are filtered. You may need to set the log level
>>> to debug to see all this.
>>>
>>> Thanks,
>>> -Ashok
>>>
>>>
>>> On Tue, Aug 16, 2011 at 12:42 PM, Pavan K <pavanonnet1986 at gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I am new to the Shibboleth identity provider. I have installed and
>>>> configured the Shibboleth identity provider by following the instructions
>>>> given on the Shibboleth home page. I configured an LDAP data connector to retrieve
>>>> some attributes. And when I test the attribute resolver by using the "AACLI"
>>>> tool I am getting "No attribute statement" all the time. I did not find any
>>>> logs related to attribute retrieval in the log files.
>>>>
>>>> My configuration details as follows,
>>>>
>>>> *"handler.xml"*
>>>>
>>>> <ph:LoginHandler xsi:type="ph:UsernamePassword"
>>>>         jaasConfigurationLocation="file://IDP_HOME/conf/login.config">
>>>>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
>>>>     </ph:LoginHandler>
>>>>
>>>> *"login.config"*
>>>>
>>>> edu.vt.middleware.ldap.jaas.LdapLoginModule required
>>>>       ldapUrl="LDAP_URL"
>>>>       baseDn="ou=public,dc=abc,dc=com"
>>>>       tls="true"
>>>>       userFilter="uid={0}"
>>>>    ;
>>>>
>>>> *"attribute-filter.xml"*
>>>>
>>>> <afp:AttributeFilterPolicy>
>>>>         <afp:PolicyRequirementRule xsi:type="basic:ANY" />
>>>>
>>>>         <afp:AttributeRule attributeID="mail">
>>>>             <afp:PermitValueRule xsi:type="basic:ANY" />
>>>>         </afp:AttributeRule>
>>>>     </afp:AttributeFilterPolicy>
>>>>
>>>> *"attribute-resolver.xml"*
>>>>
>>>> <resolver:AttributeDefinition xsi:type="ad:Simple" id="mail"
>>>>         sourceAttributeID="mail">
>>>>         <resolver:Dependency ref="myLDAP" />
>>>>         <resolver:AttributeEncoder xsi:type="SAML2String"
>>>>             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
>>>>             name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="mail" />
>>>>     </resolver:AttributeDefinition>
>>>>
>>>> <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
>>>>         ldapURL="LDAP_URL"
>>>>         baseDN="ou=public,dc=abc,dc=com"
>>>>         principal="USER_NAME"
>>>>         principalCredential="PASSWORD">
>>>>         <dc:FilterTemplate>
>>>>             <![CDATA[
>>>>                 (uid=$requestContext.principalName)
>>>>             ]]>
>>>>         </dc:FilterTemplate>
>>>>     </resolver:DataConnector>
>>>>
>>>>
>>>>
>>>> Even when I comment the statements in the "login.config" file, I am not
>>>> getting any errors in the log file and still getting the "No Attribute
>>>> Statement" message. Following is the command I am using from "IDP_HOME"
>>>>
>>>>
>>>> aacli.bat --configDir=../conf --principal=<USER_NAME>
>>>>
>>>> Could anyone please help me get this working? Am I missing something
>>>> in the configuration?
>>>>
>>>> Thank you in advance.
>>>>
>>>> -- Pavan
>>>>
>>>> --
>>>> To unsubscribe from this list send an email to
>>>> users-unsubscribe at shibboleth.net
>>>>
>
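
Added example (not part of the original thread and not Shibboleth code): a small triage script for the kind of DEBUG output quoted above. It re-joins mail-wrapped log lines, extracts the baseDN and filter the connector searched with, lists the attributes that resolved to 0 values, and builds the equivalent OpenLDAP ldapsearch command so the same search can be tested against the directory outside the IdP. The principal "jdoe" in the sample, and any LDAP URL and bind DN passed to ldapsearch_command, are placeholders.

```python
import re
import shlex

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} - ")
LDAP_PARAM = re.compile(r"\[edu\.vt\.middleware\.ldap\.Ldap:\d+\] -\s+(dn|filter) =\s*(.+)$")
RESOLVED = re.compile(r"Resolved attribute (\S+) containing (\d+) values")

# Constructed sample in the mail-wrapped shape shown in the thread; "jdoe" is a placeholder.
SAMPLE = """\
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:194] -   dn =
ou=public,dc=abc,dc=com
13:43:54.714 - DEBUG [edu.vt.middleware.ldap.Ldap:195] -   filter =
(uid=jdoe)
13:43:54.730 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336]
- Resolved attribute mail containing 0 values
13:43:54.731 - DEBUG
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336]
- Resolved attribute transientId containing 1 values
"""


def unwrap(text):
    """Re-join lines the mail client wrapped: every log record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def triage(text):
    """Return (LDAP search parameters, sorted attribute ids that resolved to 0 values)."""
    search, counts = {}, {}
    for rec in unwrap(text):
        if (m := LDAP_PARAM.search(rec)):
            search[m.group(1)] = m.group(2).strip()
        elif (m := RESOLVED.search(rec)):
            counts[m.group(1)] = int(m.group(2))
    return search, sorted(a for a, n in counts.items() if n == 0)


def ldapsearch_command(search, attrs, ldap_url, bind_dn):
    """Build the same search as an ldapsearch call (simple bind, password prompted)."""
    return shlex.join(["ldapsearch", "-x", "-H", ldap_url, "-D", bind_dn, "-W",
                       "-b", search["dn"], search["filter"], *attrs])
```

If the generated ldapsearch returns no entry, or an entry without the requested attributes, when bound as the connector's principal, the empty result comes from the directory side (base DN, filter, or the bind account's read access) rather than from the attribute filter policy.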