Kerberos SPNEGO

Daniel Lutz daniel.lutz at
Fri May 8 07:01:27 UTC 2020

BÖSCH Christian schrieb/wrote (08.05.20 08:40):
> But now there's another error:
> Caused by: com.unboundid.ldap.sdk.LDAPSearchException: Unable to parse string '(|(eduPersonPrincipalName=xy at AD.ABC.NET)(uid=$krb_principalname.get(0)))' as an LDAP filter because it contains an unexpected opening parenthesis at position 69.
> Looks like that the unboundId library doesn't like the "(" from .get(0) ?

I'm not sure, but you may try avoiding the underscore in the attribute name "krb_principalname".
Try naming the attribute "krbPrincipalname".

I guess that the Velocity engine recognizes the variable as "$krb" instead of "$krb_principalname".

Then, your search filter expression would look like:



More information about the users mailing list