Search filter script

Mon May 2 14:20:32 EDT 2016

What I'm really asking, why are the brackets ( ) not being escaped in
the script?

/John

On Mon, 2016-05-02 at 12:41 +0000, John Morrison wrote:
> Hello shibbers,
> 
> 
> 
> I have a scripted search filter built on a multi-value attribute, which
> in turn, searches the ldap in another part of the tree using a separate
> data connector based on the values obtained from the first/default ldap
> search connector.
> 
> If the value is single, that works.
> 
> But when I get hit by two values, I'm stuffed by the characters ( = \28
> and ) = \29.
> 
> 
> 
> Should work as a search filter as the VALUES:
> [(|(ATTRIBUTE-X=VALUE1)(ATTRIBUTE-X=VALUE2))]  come out as this.
> 
> But the search filter yields:
> 
> LDAP SEARCH Template text ($organisationalSearch.get(0)) yields 
> 
> (\28|\28ATTRIBUTE-X=VALUE1\29\28ATTRIBUTE-X=VALUE2\29\29)
> 
> 
> ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile
> Action ResolveAttributes: Error resolving attributes
> net.shibboleth.idp.attribute.resolver.ResolutionException: Data
> Connector 'myLDAPorganisation': Unable to execute LDAP search
> 
> 
> 
>  <![CDATA[
> 
>                                 logger =
> Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute.resolver.test");
>                                  if ((employeeType) &&
> (employeeType.getValues().contains("EMPLOYED")) && (ATTRIBUTE-X)) {
>                                           if
> (ATTRIBUTE-X.getValues().size()==1) {
> 
> organisationalSearch.getValues().add("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(0));
>                                         logger.debug("CASE
> 1"+organisationalSearch.getValues());
>                                           }
>                                           else {
>                                                 logger.debug("CASE
> 2"+norEduOrgUnitUniqueIdentifier.getValues());
>                                                    searchFilter="(|";
>                                                    for (i=0; i <
> norEduOrgUnitUniqueIdentifier.getValues().size(); i++) {
> 
> searchFilter=searchFilter
> +"("+("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(i))+")";
> 
> logger.debug("I="+i+searchFilter);
>                                                    }
> 
> searchFilter=searchFilter+")";
> 
> logger.debug("SEARCH FILTER:" +searchFilter);
> 
> organisationalSearch.getValues().add(searchFilter);
>                                                    logger.debug("VALUES:
> "+organisationalSearch.getValues());
>                                           }
>                                  }
>                                  else {
> 
> organisationalSearch.getValues().add("ATTRIBUTE-X=XXX");
>                                  }
> 
>             ]]>
>         </ad:Script>
> 
> 
> 
> Can someone help with this problem or suggest a better way,
> 
> Thanks,
> 
> John
> 