>>> On 25/08/2008 at 16:32, in message
<[log in to unmask]>,
"Williams, John" <[log in to unmask]> wrote:
> Can't you set returningAttributes in the JNDIDirectoryDataConnector to limit
> the attributes returned, we don't use it now as we don't have a problem
> returning all attributes.
Thanks to John for pointing me in the right direction re the restricted attribute list.
I googled to try and find some examples of this in use and couldn't find any so had a go with it and it works fine. For anyone else needing to do this who might not know for sure how it's done, here's my jndi config:
<JNDIDirectoryDataConnector id="directory">
<Search filter="cn=%PRINCIPAL%">
<Controls searchScope="SUBTREE_SCOPE" returningObjects="false"
returningAttributes="dUNUNIEResourcesSet,workforceID,ou,o,cn,givenName"/>
</Search>
<Property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
<Property name="java.naming.provider.url" value="ldap://ldap2.dundee.ac.uk:389/o=dundee" />
<Property name="java.naming.security.principal" value="cn=ldapshib,ou=system,o=dundee" />
<Property name="java.naming.security.credentials" value="********" />
</JNDIDirectoryDataConnector>
I wouldn't normally have been wanting givenName but added that in to see the attribute delivered and then not when it was removed. A wireshark trace showed the search request being sent just for those attributes. Ahh, software that does what it says on the tin - remarkably refreshing!!
Cheers
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
|