attribute resolver issues after upgrade to v3
Robert A Basch
rbasch at mit.edu
Mon Aug 17 18:00:19 EDT 2015
On Aug 17, 2015, at 4:31 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> On 8/17/15, 4:03 PM, "users on behalf of Robert A Basch" <users-bounces at shibboleth.net on behalf of rbasch at mit.edu> wrote:
>
>> I turned on DEBUG logging on a V2 IdP, and it looks like the whitespace is
>> indeed being trimmed from the filter somehow before vt-ldap is invoked.
>
> How can you tell that? I don't see anywhere that's happening in the code.
The V2 log contains:
[edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:308] - Search filter: ([...])
i.e. shows the filter with no leading or trailing whitespace, apparently
before calling into vt-ldap.
And looking now in LdapDataConnector.java (java-shib-common 1.4.3), I see
that lines 307-308 are:
searchFilter = searchFilter.trim();
log.debug("Search filter: {}", searchFilter);
so it is being trimmed there, and apparently not just for logging purposes.
> That construct can't be "fixed" since the ! is being evaluated by Velocity, and the object being returned now is definitely not null. I documented the difference in a couple of places.
Understood, and thanks.
Bob
More information about the users
mailing list