Search filter script

Douglas E Engert deengert at gmail.com
Mon May 2 19:44:31 EDT 2016 

http://www.ldaptive.org/docs/guide/operations/search.html
"The SearchFilter object provides support for both positional and named parameters.
  Values provided as parameters are escaped according to RFC 2254."

might help. It looks like you are building a string, then passing it as the value
to be searched, so the whole string is escaped gets escaped.

You may need to look at doing something like the "Named" example.

		
On 5/2/2016 7:41 AM, John Morrison wrote:
> Hello shibbers,
>
>
>
> I have a scripted search filter built on a multi-value attribute, which
> in turn, searches the ldap in another part of the tree using a separate
> data connector based on the values obtained from the first/default ldap
> search connector.
>
> If the value is single, that works.
>
> But when I get hit by two values, I'm stuffed by the characters ( = \28
> and ) = \29.
>
>
>
> Should work as a search filter as the VALUES:
> [(|(ATTRIBUTE-X=VALUE1)(ATTRIBUTE-X=VALUE2))]  come out as this.
>
> But the search filter yields:
>
> LDAP SEARCH Template text ($organisationalSearch.get(0)) yields
>
> (\28|\28ATTRIBUTE-X=VALUE1\29\28ATTRIBUTE-X=VALUE2\29\29)
>
>
> ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile
> Action ResolveAttributes: Error resolving attributes
> net.shibboleth.idp.attribute.resolver.ResolutionException: Data
> Connector 'myLDAPorganisation': Unable to execute LDAP search
>
>
>
>  <![CDATA[
>
>                                 logger =
> Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.attribute.resolver.test");
>                                  if ((employeeType) &&
> (employeeType.getValues().contains("EMPLOYED")) && (ATTRIBUTE-X)) {
>                                           if
> (ATTRIBUTE-X.getValues().size()==1) {
>
> organisationalSearch.getValues().add("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(0));
>                                         logger.debug("CASE
> 1"+organisationalSearch.getValues());
>                                           }
>                                           else {
>                                                 logger.debug("CASE
> 2"+norEduOrgUnitUniqueIdentifier.getValues());
>                                                    searchFilter="(|";
>                                                    for (i=0; i <
> norEduOrgUnitUniqueIdentifier.getValues().size(); i++) {
>
> searchFilter=searchFilter
> +"("+("ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(i))+")";

Should the above be:
   +"("+"(ATTRIBUTE-X="+ATTRIBUTE-X.getValues().get(i))+")";
        ^^

>
> logger.debug("I="+i+searchFilter);
>                                                    }
>
> searchFilter=searchFilter+")";
>
> logger.debug("SEARCH FILTER:" +searchFilter);
>
> organisationalSearch.getValues().add(searchFilter);
>                                                    logger.debug("VALUES:
> "+organisationalSearch.getValues());
>                                           }
>                                  }
>                                  else {
>
> organisationalSearch.getValues().add("ATTRIBUTE-X=XXX");
>                                  }
>
>             ]]>
>         </ad:Script>
>
>
>
> Can someone help with this problem or suggest a better way,
>
> Thanks,
>
> John
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>

More information about the users mailing list