Search filter script

Peter Schober peter.schober at
Mon May 2 18:22:48 EDT 2016

* John Morrison <john.morrison at> [2016-05-03 00:13]:
> We have a tricky data model in our LDAP structure, arranged in
> different DN:s based on how many departments an employee is working
> in. We search out all departments based on their employee number
> returning multiple DN:s

Just how do your other applications (incl COTS) and services handle
that case? They won't all offer methods the Shibboleth IDP does,
including scripting?  Seems to me adding an abstraction layer (or
additional processing steps, possibly flattening some of thoe
structures in form of LDAP attributes) would be in order, simplyfying
all other application integrations as well.

> this worked OK in IDPv2 but not in V3.

What Java versions are you using with v2 vs. v3 and what scripting
engine (Rhino vs. Nashorn)?


More information about the users mailing list