Kerberos SPNEGO
Daniel Lutz
daniel.lutz at switch.ch
Fri May 8 07:01:27 UTC 2020
BÖSCH Christian schrieb/wrote (08.05.20 08:40):
> But now there's another error:
>
> Caused by: com.unboundid.ldap.sdk.LDAPSearchException: Unable to parse string '(|(eduPersonPrincipalName=xy at AD.ABC.NET)(uid=$krb_principalname.get(0)))' as an LDAP filter because it contains an unexpected opening parenthesis at position 69.
>
> Looks like that the unboundId library doesn't like the "(" from .get(0) ?
I'm not sure, but you may try avoiding the underscore in the attribute name "krb_principalname".
Try naming the attribute "krbPrincipalname".
I guess that the Velocity engine recognizes the variable as "$krb" instead of "$krb_principalname".
Then, your search filter expression would look like:
(|(eduPersonPrincipalName=$resolutionContext.principal)(uid=$krbPrincipalname.get(0)))
Daniel
More information about the users
mailing list