variables in FilterTemplate (recursive group membership MS-AD)
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 28 10:00:01 EST 2018
On 11/28/18, 9:04 AM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
> An internal attribute with distinguishedName exists and has the
> expected value (I can see it in aacli if I attach an encoder and
> release it to an SP).
The only two sanity checks I can suggest are:
Make sure there's an actual dependency defined for that attribute definition in the LDAP connector.
Turn on TRACE logging for "net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder" and see if it logs that attribute being injected into the template and how many values it says are included.
log.trace("Adding dependency {} to context with {} value(s)", entry.getKey(), values.size());
-- Scott
More information about the users
mailing list