The question is simple: I need to tell attribute-resolver.xml
to follow the referral. How can I do that?
This setting in attribute-resolver.xml
===================
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
ldapURL="ldap://IPOFMYDC/"
baseDN="dc=mydomain,dc=it"
principal="acc...@mydomain.it"
principalCredential="password"
referral="follow">
<dc:FilterTemplate>
<![CDATA[(sAMAccountName=$requestContext.principalName)]]>
</dc:FilterTemplate>
</resolver:DataConnector>
=======================
gives this error
=======================
09:57:49.625 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:157] - Loading new configuration for service shibboleth.AttributeResolver
09:57:49.743 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components. The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: Attribute 'referral' is not allowed to appear in element 'resolver:DataConnector'.
========================
I've seen, using the vt-ldap Java libraries and their ldapsearch, that
the following command fails
=========================
root@machine:/opt/Backup/JAAS/vt-ldap-3.3.3/bin# ./ldapsearch -ldapUrl ldap://IPOFMYDC -baseDn dc=mydomain,dc=it -bindDn acc...@mydomain.it -query cn=usertolookfor -bindCredential PASSWORD
[DEBUG] Ldap - Search with the following parameters:
[DEBUG] Ldap - dn = dc=mydomain,dc=it
[DEBUG] Ldap - filter = cn=usertolookfor
[DEBUG] Ldap - filterArgs = []
[DEBUG] Ldap - searchControls = javax.naming.directory.SearchControls@ae94e92
[DEBUG] Ldap - handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@5b2558d6]
[DEBUG] DefaultConnectionHandler - Bind with the following parameters:
[DEBUG] DefaultConnectionHandler - authtype = simple
[DEBUG] DefaultConnectionHandler - dn = acc...@mydomain.it
[DEBUG] DefaultConnectionHandler - credential = <suppressed>
Operation failed:
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=idemts,dc=units,dc=it'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at edu.vt.middleware.ldap.handler.AbstractResultHandler.process(AbstractResultHandler.java:83)
at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:231)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347)
at edu.vt.middleware.ldap.Ldap.search(Ldap.java:221)
at edu.vt.middleware.ldap.LdapCli.search(LdapCli.java:149)
at edu.vt.middleware.ldap.LdapCli.dispatch(LdapCli.java:118)
at edu.vt.middleware.ldap.AbstractCli.performAction(AbstractCli.java:101)
at edu.vt.middleware.ldap.LdapCli.main(LdapCli.java:60)
=================
while if I specify to follow referrals, the command succeeds
===================
root@machine:/opt/Backup/JAAS/vt-ldap-3.3.3/bin# ./ldapsearch -ldapUrl ldap://IPOFMYDC -baseDn dc=mydomain,dc=it -bindDn acc...@mydomain.it -query cn=usertolookfor -referral follow -bindCredential PASSWORD
[DEBUG] Ldap - Search with the following parameters:
[DEBUG] Ldap - dn = dc=mydomain,dc=it
[DEBUG] Ldap - filter = cn=usertolookfor
[DEBUG] Ldap - filterArgs = []
[DEBUG] Ldap - searchControls = javax.naming.directory.SearchControls@ae94e92
[DEBUG] Ldap - handler = [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler@5b2558d6]
[DEBUG] DefaultConnectionHandler - Bind with the following parameters:
[DEBUG] DefaultConnectionHandler - authtype = simple
[DEBUG] DefaultConnectionHandler - dn = acc...@mydomain.it
[DEBUG] DefaultConnectionHandler - credential = <suppressed>
dn: CN=arjuna,OU=idp,dc=mydomain,dc=it
eduPersonPrincipalName: usertolookfor
eduPersonAffiliation: faculty
eduPersonScopedAffiliation: faculty
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 129485583710468750
sAMAccountType: 805306368
eduPersonNickname: arj
whenChanged: 20110429134611.0Z
logonCount: 0
sAMAccountName: usertolookfor
primaryGroupID: 513
name: usertolookfor
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=it
eduPersonEntitlement: maestro della ruota
distinguishedName: CN=usertolookfor,OU=idp,DC=mydomain,DC=it
uSNChanged: 16432
objectSid:: AQUAAAAAAAUVAAAA77+977+977+9AkgCNhzvv73vv73vv73vv71QBAAA
whenCreated: 20110429132925.0Z
badPasswordTime: 0
userAccountControl: 544
countryCode: 0
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
uSNCreated: 16410
badPwdCount: 0
instanceType: 4
lastLogoff: 0
pwdLastSet: 129485578781562500
accountExpires: 9223372036854775807
codePage: 0
cn: usertolookfor
lastLogon: 0
objectGUID:: xpTvv73vv71S77+977+9S++/vXbvv73vv70n77+977+977+9
thanks for helping
Arjuna Scagnetto
Servizi Informatici Facoltà di Medicina e Chirurgia
Università degli Studi di Trieste
Ospedale di Cattinara Via Strada Fiume 447
34149 Trieste - ITALY
voice: +39 040 912994
fax : +39 040 399 4679
email: ascag...@units.it
web : http://www.fmc.units.it/ServiziInformatici
Try adding <LDAPProperty name="edu.vt.middleware.ldap.referral" value="follow"/>
--Daniel Fisher
That line gives me a parse error, while this one works fine:
<dc:LDAPProperty name="edu.vt.middleware.ldap.referral" value="follow"/>
thanks
Arjuna
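
A configuration check covering the three forms tried in this thread, as an added example that is not part of the original messages or of Shibboleth's own code: it flags the `referral` attribute and the unprefixed `LDAPProperty`, and accepts the `dc:`-prefixed one. The root element, the prefix-to-namespace bindings, the placement of the property after `FilterTemplate`, and the host, bind account and password in the sample are assumptions, not taken from the poster's file.

```python
import xml.etree.ElementTree as ET

# Prefix bindings assumed to match a stock IdP 2.x attribute-resolver.xml.
RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"
DC_NS = "urn:mace:shibboleth:2.0:resolver:dc"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
REFERRAL_PROP = "edu.vt.middleware.ldap.referral"

# Constructed sample: placeholder host, bind account and password.
TEMPLATE = """<resolver:AttributeResolver xmlns:resolver="{r}" xmlns:dc="{d}" xmlns:xsi="{x}">
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://dc.example.org/" baseDN="dc=mydomain,dc=it"
      principal="svc@example.org" principalCredential="CHANGEME"{attr}>
    <dc:FilterTemplate><![CDATA[(sAMAccountName=$requestContext.principalName)]]></dc:FilterTemplate>
    {child}
  </resolver:DataConnector>
</resolver:AttributeResolver>"""

def sample(attr="", child=""):
    return TEMPLATE.format(r=RESOLVER_NS, d=DC_NS, x=XSI_NS, attr=attr, child=child)

PROP = 'LDAPProperty name="%s" value="follow"/>' % REFERRAL_PROP
AS_ATTRIBUTE = sample(attr=' referral="follow"')  # first attempt in the thread
UNPREFIXED = sample(child="<" + PROP)             # suggestion as typed
PREFIXED = sample(child="<dc:" + PROP)            # form reported to work

def check_referral(xml_text):
    """Return findings per LDAPDirectory connector; an empty list means OK."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("{%s}DataConnector" % RESOLVER_NS):
        if not conn.get("{%s}type" % XSI_NS, "").endswith("LDAPDirectory"):
            continue
        cid, ok = conn.get("id"), False
        if "referral" in conn.attrib:
            findings.append(cid + ": 'referral' attribute is not allowed on DataConnector")
        for child in conn:
            ns, _, local = child.tag.rpartition("}")
            if local != "LDAPProperty" or child.get("name") != REFERRAL_PROP:
                continue
            if ns.lstrip("{") != DC_NS:  # unprefixed element is not in the dc namespace
                findings.append(cid + ": LDAPProperty is outside the dc namespace")
            elif child.get("value") == "follow":
                ok = True
        if not ok:
            findings.append(cid + ": referral following is not configured")
    return findings

if __name__ == "__main__":
    for label, doc in (("attribute", AS_ATTRIBUTE), ("unprefixed", UNPREFIXED), ("prefixed", PREFIXED)):
        print(label, check_referral(doc))
```

With referral following enabled, the connector's bind as the configured `principal` is repeated against whichever server the directory refers it to, so the referral targets belong in the same trust review as `ldapURL`.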