LDAP velocity based filter problem
Peter Schober
peter.schober at univie.ac.at
Mon May 30 10:48:02 EDT 2016
* Marcel Kleiber <marcel.kleiber at h-net.ch> [2016-05-30 16:06]:
> Can someone please tell why this velocity based test-term is not accepted by
> ldaptive:
> <dc:FilterTemplate>
> <![CDATA[
> #set( $filter = '(|(uid=USZ:51001)(uid=USZ:51002))' )
> $filter
> ]]>
> </dc:FilterTemplate>
>
> => 2016-05-30 15:41:43,615 - ERROR
> [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile Action
> ResolveAttributes: Error resolving attributes
> net.shibboleth.idp.attribute.resolver.ResolutionException: Data Connector
> 'myOrganizations': Unable to execute LDAP search
> at net.shibboleth.idp.attribute.resolver.dc.ldap.impl.LDAPDataConnector.retrieveAttributes(LDAPDataConnector.java:168)
The whole quoted string will be encoded, so that doesn't work, AFAIK.
Daniel recently provided a workaround for that use-case in the thread
"Search filter script":
http://shibboleth.net/pipermail/users/2016-May/029166.html
-peter
More information about the users
mailing list