Troubles with idp.authn.LDAP.returnAttributes property
Peter Schober
peter.schober at univie.ac.at
Thu Oct 3 10:48:18 EDT 2019
* Peter Schober <peter.schober at univie.ac.at> [2019-10-03 16:44]:
> * Guillaume Rousse <guillaume.rousse at renater.fr> [2019-10-03 15:39]:
> > Our current configuration uses the default ldap.properties file content:
> > ## Return attributes during authentication
> > idp.authn.LDAP.returnAttributes =
>
> That's not the default, at least not in my conf/ldap.properties nor
> in the shipped distributed copy in dist/conf/ldap.properties which you
> could check yourself:
>
> idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
Having said that I do agree that it would be a good precaution for the
IDP to default to something else if that property was unset by the
deployer, however that would work, essentially forcing the depolyer to
set that property to "1.1" when they really mean "give me all
attributes I have access to".
Note the minor "however that would work" caveat.
-peter
More information about the users
mailing list