support for AD's range retrieval of attribute values in LDAP data connector?

Robert A Basch rbasch at mit.edu
Fri Dec 18 15:48:04 EST 2015


I have done this, and things look promising, based on an initial test.
(Fortunately, we are not using mergeResults or lowercaseAttributeNames).
We need to test more extensively, though, after which I will report back
on the results.

Thanks!

Bob


On Dec 17, 2015, at 5:51 PM, Daniel Fisher <dfisher at vt.edu> wrote:

> On Thu, Dec 17, 2015 at 5:37 PM, Robert A Basch <rbasch at mit.edu> wrote:
> On Dec 13, 2015, at 11:09 PM, Daniel Fisher <dfisher at vt.edu> wrote:
> 
> > On Fri, Dec 11, 2015 at 3:40 PM, Robert A Basch <rbasch at mit.edu> wrote:
> > Is there any to configure the v2 resolver to support this?
> >
> > I think it's possible, but I've never tried it. If you're willing to do some testing, I can walk you through the changes.
> 
> I now have a v2 test environment set up for trying it.  What changes are
> needed to support this? 
> 
> Ok, here goes.
> Compile the class found here: https://code.google.com/p/vt-middleware/wiki/vtldapAD#Range_Attributes
> Put that class in your container's classpath.
> 
> Change your DataConnector configuration to include a new LDAPProperty:
> <LDAPProperty
> name="edu.vt.middleware.ldap.searchResultHandlers"
> value="edu.vt.middleware.ldap.handler.FqdnSearchResultHandler,edu.vt.middleware.ldap.handler.EntryDnSearchResultHandler,edu.vt.middleware.ldap.handler.BinarySearchResultHandler,custom.package.RangeSearchResultHandler" />
> 
> Note that if you're using the mergeResults or lowercaseAttributeNames flags, you'll have to add even more handlers.
> Lastly, configure a search filter that returns ranged results.
> I might have missed something, but give that a try and let me know what happens.
> 
> --Daniel Fisher
> 
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



More information about the users mailing list