Search filter script
John Morrison
john.morrison at uadm.uu.se
Mon May 2 08:41:43 EDT 2016
Hello shibbers,
I have a scripted search filter built on a multi-value attribute, which
in turn, searches the ldap in another part of the tree using a separate
data connector based on the values obtained from the first/default ldap
search connector.
If the value is single, that works.
But when I get hit by two values, I'm stuffed by the characters ( = \28
and ) = \29.
Should work as a search filter as the VALUES:
[(|(ATTRIBUTE-X=VALUE1)(ATTRIBUTE-X=VALUE2))] come out as this.
But the search filter yields:
LDAP SEARCH Template text ($organisationalSearch.get(0)) yields
(\28|\28ATTRIBUTE-X=VALUE1\29\28ATTRIBUTE-X=VALUE2\29\29)
ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile
Action ResolveAttributes: Error resolving attributes
net.shibboleth.idp.attribute.resolver.ResolutionException: Data
Connector 'myLDAPorganisation': Unable to execute LDAP search
<![CDATA[
logger =
Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute.resolver.test");
if ((employeeType) &&
(employeeType.getValues().contains("EMPLOYED")) && (ATTRIBUTE-X)) {
if
(ATTRIBUTE-X.getValues().size()==1) {
organisationalSearch.getValues().add("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(0));
logger.debug("CASE
1"+organisationalSearch.getValues());
}
else {
logger.debug("CASE
2"+norEduOrgUnitUniqueIdentifier.getValues());
searchFilter="(|";
for (i=0; i <
norEduOrgUnitUniqueIdentifier.getValues().size(); i++) {
searchFilter=searchFilter
+"("+("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(i))+")";
logger.debug("I="+i+searchFilter);
}
searchFilter=searchFilter+")";
logger.debug("SEARCH FILTER:" +searchFilter);
organisationalSearch.getValues().add(searchFilter);
logger.debug("VALUES:
"+organisationalSearch.getValues());
}
}
else {
organisationalSearch.getValues().add("ATTRIBUTE-X=XXX");
}
]]>
</ad:Script>
Can someone help with this problem or suggest a better way,
Thanks,
John
More information about the users
mailing list