LDAP velocity based filter problem
Marcel Kleiber
marcel.kleiber at h-net.ch
Mon May 30 17:31:30 EDT 2016
Hi Peter
Thank you for the pointer, it *works* :-)
But what are the rules behind this?
- velocity elements must be part of the ()-enclosed filter expression ?
- No velocity elements on CDATA level ?
Do we have to scan the implementation source to find such things out ?
Marcel
On 30.05.2016 16:48, Peter Schober wrote:
> * Marcel Kleiber <marcel.kleiber at h-net.ch> [2016-05-30 16:06]:
>> Can someone please tell why this velocity based test-term is not accepted by
>> ldaptive:
>> <dc:FilterTemplate>
>> <![CDATA[
>> #set( $filter = '(|(uid=USZ:51001)(uid=USZ:51002))' )
>> $filter
>> ]]>
>> </dc:FilterTemplate>
>>
>> => 2016-05-30 15:41:43,615 - ERROR
>> [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile Action
>> ResolveAttributes: Error resolving attributes
>> net.shibboleth.idp.attribute.resolver.ResolutionException: Data Connector
>> 'myOrganizations': Unable to execute LDAP search
>> at net.shibboleth.idp.attribute.resolver.dc.ldap.impl.LDAPDataConnector.retrieveAttributes(LDAPDataConnector.java:168)
> The whole quoted string will be encoded, so that doesn't work, AFAIK.
> Daniel recently provided a workaround for that use-case in the thread
> "Search filter script":
> http://shibboleth.net/pipermail/users/2016-May/029166.html
> -peter
More information about the users
mailing list