Data Connector Depending on Attributes

Nate Klingenstein nate.klingenstein at utah.edu
Wed Feb 3 18:41:57 EST 2016


$uid.get(0)

One post-mortem note that will be useless for everyone else: when using the Java object directly with no method — brackets with CDATA even though this is a query that only uses local values, but largely derping it as a string — it led to a series of multiple LDAP queries with this particular directory as logged by that directory.  Values weren’t indexed, so the query timed out in the process, but that’s getting fixed.

They all looked very similar, but the eventual fourth query was formulated correctly, which compounded the “wtf” factor.  The differences were encoded parentheses appearing as the HEX \28 and \29 along with some erroneous “s, each of which got dropped in series as the query was attempted again with one less character.

I couldn't go back to exhume the IdP logs to figure out precisely what it was doing, but I’m guessing it was iterating over the Java object somehow for some reason.

I just wanted to get a note here in case anyone else made my crude mistake.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160203/43eaa82a/attachment.html>


More information about the users mailing list