Shibboleth Developers

[Daniel Fisher <>]

I ran some regression tests and didn't see any problems with the
library versions you mentioned.
From your logs:

> 10:16:51.792 - TRACE
> [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config =
> {java.naming.provider.url=ldap://ldap01:636,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> java.naming.ldap.derefAliases=never,
> java.naming.security.protocol=ssl}

it appears the derefAliases property is set.

The interesting thing here is that using that property should produce
the opposite result than what you are looking for. Using 'always' (the
default) will have the server dereference and you won't be returned
any aliases. Using 'never' will return aliases and thus cause problems
in DN resolution. I'm assuming this is an eDirectory bug you're
working around?

Regardless the login.config packaged in the distro should be updated
to reflect the newer properties.

--Daniel Fisher