LDAP velocity based filter problem
Marcel Kleiber
marcel.kleiber at h-net.ch
Mon May 30 10:05:50 EDT 2016
Hi
Can someone please tell why this velocity based test-term is not
accepted by ldaptive:
<dc:FilterTemplate>
<![CDATA[
#set( $filter = '(|(uid=USZ:51001)(uid=USZ:51002))' )
$filter
]]>
</dc:FilterTemplate>
=> 2016-05-30 15:41:43,615 - ERROR
[net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile Action
ResolveAttributes: Error resolving attributes
net.shibboleth.idp.attribute.resolver.ResolutionException: Data
Connector 'myOrganizations': Unable to execute LDAP search
at
net.shibboleth.idp.attribute.resolver.dc.ldap.impl.LDAPDataConnector.retrieveAttributes(LDAPDataConnector.java:168)
Caused by: org.ldaptive.LdapException:
javax.naming.directory.InvalidSearchFilterException: invalid attribute
description; remaining name 'ou=HCRegulatedOrganization,o=HPDICW,dc=HPD'
at
org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:77)
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid
attribute description
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
Contents is ok, this one is accepted:
<dc:FilterTemplate>
<![CDATA[
(|(uid=$artOwnerRegex.get(0))(uid=$artOwnerRegex.get(1)))
]]>
</dc:FilterTemplate>
with $artOwnerRegex content according to acli:
> "name": "artOwnerRegex",
> "values": [
> "StringAttributeValue{value=USZ:51001}",
"StringAttributeValue{value=USZ:51002}" ]
> },
Thanks for your help!
Marcel
More information about the users
mailing list