Troubles with idp.authn.LDAP.returnAttributes property

Cantor, Scott cantor.2 at
Thu Oct 3 11:52:43 EDT 2019

On 10/3/19, 11:22 AM, "users on behalf of Peter Schober" <users-bounces at on behalf of peter.schober at> wrote:

> But even then a default would only apply if the property wasn't set,
> but you did set it, only to empty value?
> I may still be misunderstanding this but AFAICT it works as desiged:
> You told the IDP to get everything by setting the property to nothing,
> That's LDAP search request attribtues for you.

That's it in a nutshell. The "default" is 1.1, which, ok, that's a weird thing but apparently part of the standard, so that's just me confused. But setting it to empty will override that default and will do the empty string thing, thus you get everything. So working as designed, yes. It would be tricky to add a warning, though not impossible.

-- Scott

More information about the users mailing list