Shibboleth Developers

[Will Norris <>]

How is the attribute resolver (specifically the JNDI connector)  
supposed to behave if it receives multiple results?  Presently it is  
throwing the following error:

2634 [main] ERROR  
edu.internet2.middleware.shibboleth.aa.attrresolv.provider.JNDIDirectory 
DataConnector  - Multiple results returned from filter uid=%PRINCIPAL 
% for principal  
edu.internet2.middleware.shibboleth.common.LocalPrincipal@507b0105,  
only one expected.

The problem with that here at USC is that while people should be  
logging in with their UID, it is not necessarily unique in the  
directory... people can have multiple accounts with the same uid  
(it's ugly I know, but that's how it is).  Brendan seems to remember  
hearing somewhere that the resolver would use the first result and  
ignore the rest.  Obviously, it's not behaving that way, and the  
error message indicates that it is not supposed to either.  Would  
something like this be possible, or at least configurable?  Or am I  
left writing a custom DataConnector?

Thanks,
Will