Shibboleth Developers

[Walter Hoehn <>]

What it can do now is aggregate the information from multiple results objects.  To do that, you want (mergeMultipleResults="TRUE").

-Walter

On Mar 31, 2006, at 12:34 PM, Will Norris wrote:

How is the attribute resolver (specifically the JNDI connector) supposed to behave if it receives multiple results?  Presently it is throwing the following error:

2634 [main] ERROR edu.internet2.middleware.shibboleth.aa.attrresolv.provider.JNDIDirectoryDataConnector  - Multiple results returned from filter uid=%PRINCIPAL% for principal edu.internet2.middleware.shibboleth.common.LocalPrincipal@507b0105, only one expected.

The problem with that here at USC is that while people should be logging in with their UID, it is not necessarily unique in the directory... people can have multiple accounts with the same uid (it's ugly I know, but that's how it is).  Brendan seems to remember hearing somewhere that the resolver would use the first result and ignore the rest.  Obviously, it's not behaving that way, and the error message indicates that it is not supposed to either.  Would something like this be possible, or at least configurable?  Or am I left writing a custom DataConnector?

Thanks,

Will