attribute-resolver-ldap.xml and attribute-resolver.xml
Shweta Kautia
skautia at northcarolina.edu
Thu May 5 08:51:13 EDT 2016
Peter/Scott,
So, based on your replies, I emptied the -ldap.xml file, copied over to attribute-resolver.xml. Now the DC is not producing any attribs. I have the log attached below.
I have all vars used in myLDAP DC defined in ldap.properties. Some relevant ones here:
idp.authn.LDAP.userFilter = (uid={sAMAccountName})
idp.attribute.resolver.LDAP.searchFilter = (uid=${resolutionContext.principal})
idp.attribute.resolver.LDAP.returnAttributes =cn,sn,displayName,mail,sAMAccountName,givenName.
Question: What is causing no entries to be returned, even after uid is found? “Results did not contain any entries, nothing to map”.
Attempting to resolve the following attribute definitions [uid, mail, eduPersonScopedAffiliation, displayName, logoutURL, givenName, eduPersonPrincipalName, sn]
2016-05-04 14:42:14,276 - TRACE [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:251] - Attribute Resolver 'ShibbolethAttributeResolver': Beginning to resolve attribute definition 'uid'
2016-05-04 14:42:14,276 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:372] - Attribute Resolver 'ShibbolethAttributeResolver': Resolving dependencies for 'uid'
2016-05-04 14:42:14,277 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:329] - Attribute Resolver 'ShibbolethAttributeResolver': Resolving data connector myLDAP
2016-05-04 14:42:14,278 - TRACE [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:165] - Creating search filter using attribute resolution context net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext@3ece7128
2016-05-04 14:42:14,279 - TRACE [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:170] - Adding v2 request context V2SAMLProfileRequestContext{Id=null, PrincipalName=skautia, PeerEntityId=https://......./sp/shibboleth, LocalEntityId=https://......../idp/shibboleth}
2016-05-04 14:42:14,282 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:212] - Template text (uid=${resolutionContext.principal}) yields (uid=skautia)
2016-05-04 14:42:14,417 - TRACE [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.AbstractExecutableSearchFilterBuilder:62] - Search returned response [org.ldaptive.Response@1833608032::result=[org.ldaptive.SearchResult@4303153::entries=[], references=[]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=[.......], messageId=-1]
2016-05-04 14:42:14,418 - TRACE [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.LDAPDataConnector:165] - Data Connector 'myLDAP': Search returned [org.ldaptive.SearchResult@4303153::entries=[], references=[]]
2016-05-04 14:42:14,418 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.StringAttributeValueMappingStrategy:60] - Results did not contain any entries, nothing to map
2016-05-04 14:42:14,419 - TRACE [net.shibboleth.idp.attribute.resolver.dc.impl.AbstractSearchDataConnector:190] - Data Connector 'myLDAP': Resolved attributes: null
2016-05-04 14:42:14,419 - DEBUG [net.shibboleth.idp.attribute.resolver.AbstractDataConnector:136] - myLDAP no attributes were produced during resolution
2016-05-04 14:42:14,420 - INFO [net.shibboleth.idp.attribute.resolver.AbstractResolverPlugin:191] - Resolver plugin 'myLDAP' produced no value.
Thanks,
Shweta
> On May 4, 2016, at 1:00 PM, Peter Schober <peter.schober at univie.ac.at> wrote:
>
> * Shweta Kautia <skautia at northcarolina.edu> [2016-05-04 18:56]:
>> We are setting up 3.2.1 from scratch. We’re moving up from V2, and
>> I’m fairly new at this setup. Quick question(s)- do
>> attribute-resolver-ldap.xml and attribute-resolver.xml work in
>> coexistence or only either is to be used?
>
> I think the idea was that you'd pick either one you want to start
> from, possibly copying attribute-resolver-ldap.xml to
> attribute-resolver.xml. Either way a single resolver config file
> should suffice, so that's where all definitions go.
> -peter
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
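
Added example, not part of the original message and not Shibboleth code: a small Python triage of the IdP log format shown above, pairing each rendered search filter with the LDAP response that followed it. The sample lines are constructed (placeholder principal, hash codes and referral URL); a SUCCESS result with an empty entry list means the search ran and matched nothing visible to the bind identity under the configured base.

```python
import re

# Constructed sample in the same format as the IdP log lines in the message
# (principal, object hashes and referral URL are placeholders, not thread values).
SAMPLE_LOG = """\
2016-05-04 14:42:14,282 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:212] - Template text (uid=${resolutionContext.principal}) yields (uid=jdoe)
2016-05-04 14:42:14,417 - TRACE [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.AbstractExecutableSearchFilterBuilder:62] - Search returned response [org.ldaptive.Response@1::result=[org.ldaptive.SearchResult@2::entries=[], references=[]], resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, referralURLs=[ldap://dc.example.org/DC=example,DC=org], messageId=-1]
2016-05-04 14:42:14,420 - INFO [net.shibboleth.idp.attribute.resolver.AbstractResolverPlugin:191] - Resolver plugin 'myLDAP' produced no value.
"""

FILTER_RE = re.compile(r"Template text \(.*\) yields (?P<filter>\(.*\))\s*$")
RESPONSE_RE = re.compile(
    r"Search returned response .*?entries=\[(?P<entries>.*?)\], references=\[.*?\]\], "
    r"resultCode=(?P<code>\w+),.*?referralURLs=\[(?P<referrals>.*?)\]")
PLUGIN_RE = re.compile(r"Resolver plugin '(?P<name>[^']+)' produced no value")

def triage(log_text):
    """Return one finding per LDAP search response, in log order."""
    findings, last_filter = [], None
    for line in log_text.splitlines():
        if m := FILTER_RE.search(line):
            last_filter = m["filter"]          # filter after template expansion
        elif m := RESPONSE_RE.search(line):
            findings.append({
                "filter": last_filter,
                "result_code": m["code"],
                "empty": m["entries"].strip() == "",
                "referrals": [u for u in m["referrals"].split(", ") if u],
                "connector": None,
            })
        elif (m := PLUGIN_RE.search(line)) and findings:
            findings[-1]["connector"] = m["name"]  # connector that came up empty
    return findings

def explain(finding):
    """Turn a finding into a short hint on where to look next."""
    if finding["result_code"] != "SUCCESS":
        return "search failed: check the connection, bind and result code"
    if not finding["empty"]:
        return "search matched at least one entry"
    note = "search ran but matched nothing: check the filter attribute and search base"
    if finding["referrals"]:
        note += "; the response also carries referral URLs pointing elsewhere"
    return note

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["connector"], f["filter"], "->", explain(f))
```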