attribute resolver issues after upgrade to v3

Robert A Basch rbasch at
Mon Aug 17 16:03:33 EDT 2015

I turned on DEBUG logging on a V2 IdP, and it looks like the whitespace is
indeed being trimmed from the filter somehow before vt-ldap is invoked.
Also, in case it wasn't clear before, the whitespace is apparently only a
problem in V3 when it is in the content of the Velocity #if ... directive
in the template.

As for the null values issue, note that our V2 code tested for *either*
.isEmpty() or ! .get(0), e.g.:

  #if (${attribute.isEmpty()} || ! ${attribute.get(0)})

so presumably it was (only) the ! .get(0) that was satisfying the condition
in the null value case.


On Aug 14, 2015, at 10:00 PM, "Cantor, Scott" <cantor.2 at> wrote:

> FWIW, code review of V2 does not suggest that there's any whitespace trimming in the LDAP filter construction step, and no indication that an attribute whose values are all null in a database would satisfy isEmpty() in the LDAP filter template code. At least not with the 2.4 branch.
> The whitespace issue could easily be a vt-ldap thing, but the second just can't be true. Nulls are added to the value collection in V2 as Java nulls, and an ArrayList containing any null objects is not empty.
> It is a difference that the actual values returned from a get() are not the same (null in V2, EmptyAttributeValue instances in V3). I'll check if we documented that.
> -- Scott
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list