IDP 3.4 - Service 'shibboleth.AttributeResolverService': Initial load failed

Gustavo Duarte gus.duarte at gmail.com
Fri Mar 13 12:46:11 EDT 2020 

Hi all,

I'm seeing an error at starting, and can't figure out where is the problem.

The logs says, something like: Could not resolve placeholder
'idp.attribute.resolver.LDAP.searchFilter', however I have not write this
at any place.

2020-03-13 12:12:00,176 -  - ERROR
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:182]
- Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException:
org.springframework.beans.factory.BeanDefinitionStoreException: Invalid
bean definition with name 'myLDAP' defined in null: Could not resolve
placeholder 'idp.attribute.resolver.LDAP.searchFilter' in value
"%{idp.attribute.resolver.LDAP.searchFilter}"; nested exception is
java.lang.IllegalArgumentException: Could not resolve placeholder
'idp.attribute.resolver.LDAP.searchFilter' in value
"%{idp.attribute.resolver.LDAP.searchFilter}"
        at
net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:377)
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException:
Invalid bean definition with name 'myLDAP' defined in null: Could not
resolve placeholder 'idp.attribute.resolver.LDAP.searchFilter' in value
"%{idp.attribute.resolver.LDAP.searchFilter}"; nested exception is
java.lang.IllegalArgumentException:


My LDAP connector in attribute-resolver.xml is:

<DataConnector
    id="myLDAP"
    xsi:type="LDAPDirectory"
    ldapURL="%{idp.authn.LDAP.ldapUR}"
    baseDN="%{idp.authn.LDAP.baseDN}"
    principal="%{idp.authn.LDAP.bindDN}"
    principalCredential="%{idp.authn.LDAP.bindDNCredential}"
    trustFile="%{idp.authn.LDAP.trustCertificates}">
    <FilterTemplate>
      <![CDATA[
                %{idp.authn.LDAP.searchFilter}
            ]]>
    </FilterTemplate>
    <ReturnAttributes>*</ReturnAttributes>
  </DataConnector>

And my ldap.properties is:

idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://localhost:389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = false
idp.authn.LDAP.returnAttributes = uid
idp.authn.LDAP.baseDN = ou=people,dc=gusduarte,dc=tech
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.bindDN = cn=admin,dc=gusduarte,dc=tech
idp.authn.LDAP.bindDNCredential = pass123
idp.authn.LDAP.searchFilter = (uid=$resolutionContext.principal)


I don't understand why the system is complaining
for 'idp.attribute.resolver.LDAP.searchFilter' if I didn't set in any place.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200313/da0dfe18/attachment.html>

More information about the users mailing list