Shibboleth Developers

[Dan McLaughlin <>]

Hi Daniel,

Actually dereference alias "never" means "Never dereferences aliases".
  So if you have an alias it will not be returned.  When we leave the
default "always" then the alias and the object is references is
returned and we get the exception about too many results returned.

The documentation from Sun/Oracle confirms my understanding.
http://download.oracle.com/javase/jndi/tutorial/ldap/misc/aliases.html

--

Thanks,

Dan McLaughlin

NOTICE: This e-mail message and all attachments transmitted with it
are for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is strictly prohibited. The contents of
this e-mail are confidential and may be subject to work product
privileges. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.




On Fri, Jun 3, 2011 at 4:20 PM, Daniel Fisher 
<>
 wrote:
> I ran some regression tests and didn't see any problems with the
> library versions you mentioned.
> From your logs:
>
>> 10:16:51.792 - TRACE
>> [edu.vt.middleware.ldap.auth.SearchDnResolver:200] -   config =
>> {java.naming.provider.url=ldap://ldap01:636,
>> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
>> java.naming.ldap.derefAliases=never,
>> java.naming.security.protocol=ssl}
>
> it appears the derefAliases property is set.
>
> The interesting thing here is that using that property should produce
> the opposite result than what you are looking for. Using 'always' (the
> default) will have the server dereference and you won't be returned
> any aliases. Using 'never' will return aliases and thus cause problems
> in DN resolution. I'm assuming this is an eDirectory bug you're
> working around?
>
> Regardless the login.config packaged in the distro should be updated
> to reflect the newer properties.
>
> --Daniel Fisher
>