'Getting Errors with LDAP Data Connector'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Getting Errors with LDAP Data Connector
From:       Christopher Bland via users <users () shibboleth ! net>
Date:       2024-02-28 19:48:36
Message-ID: BLAPR07MB83389B71FD2CC163B6A7C6BEB4582 () BLAPR07MB8338 ! namprd07 ! prod ! outlook ! com
[Download RAW message or body]

Hi All,

I am building a new v5 IDP from scratch.  When I add a Data Connector for our AD \
servers I keep getting errors.  My Data Connector looks like this

    <DataConnector id="fduLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
            <ConnectionPool
            minPoolSize="%{idp.pool.LDAP.minSize:3}"
            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" />
    </DataConnector>

I am getting "Error creating bean with name 'fduLDAP': Cannot create inner bean \
'(inner bean)#1afea182". Our DCs have an InCommon signed cert so I am trying to make \
use of the OS CA store.

2024-02-28 14:39:43,251 -  - ERROR \
[net.shibboleth.shared.service.AbstractReloadableService:179] - Service \
                'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.shared.service.ServiceException: Failed to load [file \
[/opt/shibboleth-idp/conf/attribute-resolver.xml], class path resource \
                [net/shibboleth/idp/conf/attribute-resolver-system.xml]]
        at net.shibboleth.shared.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:385)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
bean with name 'fduLDAP': Cannot create inner bean '(inner bean)#1afea182' of type \
[org.ldaptive.PooledConnectionFactory] while setting bean property \
                'connectionFactory'
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
bean with name '(inner bean)#1afea182': Cannot create inner bean '(inner \
bean)#7e3ccedb' of type [org.ldaptive.ConnectionConfig] while setting bean property \
                'connectionConfig'
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
bean with name '(inner bean)#7e3ccedb': Cannot create inner bean '(inner \
bean)#20e1ce62' of type [org.ldaptive.ssl.SslConfig] while setting bean property \
                'sslConfig'
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
bean with name '(inner bean)#20e1ce62': Cannot create inner bean '(inner \
bean)#329cdafa' of type \
[net.shibboleth.idp.attribute.resolver.spring.dc.ldap.impl.CredentialConfigFactoryBean] \
                while setting bean property 'credentialConfig'
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
bean with name '(inner bean)#329cdafa': Cannot create inner bean '(inner \
bean)#1f953e51' of type \
[org.opensaml.spring.credential.BasicX509CredentialFactoryBean] while setting bean \
                property 'trustCredential'
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)
 Caused by: org.springframework.beans.factory.BeanCreationException: Error creating \
                bean with name '(inner bean)#1f953e51': IO error
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1770)
 Caused by: org.cryptacular.StreamException: IO error
        at org.cryptacular.util.CertUtil.readCertificateChain(CertUtil.java:328)
Caused by: java.io.IOException: extra data at the end
        at java.base/sun.security.util.DerValue.<init>(DerValue.java:428)



My ldap.properties look like

idp.authn.LDAP.authenticator                 = adAuthenticator
idp.authn.LDAP.ldapURL                          = ldaps://adserver1.fdu.edu:3269
idp.authn.LDAP.useStartTLS                    = false
idp.authn.LDAP.connectionStrategy      = ACTIVE_PASSIVE
idp.authn.LDAP.sslConfig                         = certificateTrust
idp.authn.LDAP.trustCertificates.           = \
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt \
idp.authn.LDAP.returnAttributes            = * idp.authn.LDAP.baseDN                  \
= dc=fdu,dc=edu idp.authn.LDAP.subtreeSearch               = true
idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
idp.authn.LDAP.bindDN                           = service_account_DN
idp.authn.LDAP.dnFormat                       = undefined
idp.attribute.resolver.LDAP.exportAttributes    = sAMAccountName userPrincipalName \
givenName sn idp.pool.LDAP.minSize                             = 3
idp.pool.LDAP.maxSize                            = 10
idp.pool.LDAP.validateOnCheckout      = false
idp.pool.LDAP.validatePeriodically        = true
idp.pool.LDAP.validatePeriod                 = PT5M
idp.pool.LDAP.validateDN                       =
idp.pool.LDAP.validateFilter                   = (objectClass=*)
idp.pool.LDAP.prunePeriod                    = PT5M
idp.pool.LDAP.idleTime                           = PT10M
idp.pool.LDAP.blockWaitTime                = PT3S


-Chris


[Attachment #3 (text/html)]

<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-ligatures:standardcontextual;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hi All,<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">I am building a new v5 IDP from scratch.&nbsp; When I add a Data \
Connector for our AD servers I keep getting errors.&nbsp; My Data Connector looks \
like this<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">&nbsp; &nbsp; &lt;DataConnector id=&quot;fduLDAP&quot; \
xsi:type=&quot;LDAPDirectory&quot;<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; \
&nbsp; &nbsp; ldapURL=&quot;%{idp.attribute.resolver.LDAP.ldapURL}&quot;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
baseDN=&quot;%{idp.attribute.resolver.LDAP.baseDN}&quot;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
principal=&quot;%{idp.attribute.resolver.LDAP.bindDN}&quot;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
principalCredential=&quot;%{idp.attribute.resolver.LDAP.bindDNCredential}&quot;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
useStartTLS=&quot;%{idp.attribute.resolver.LDAP.useStartTLS:true}&quot;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
connectTimeout=&quot;%{idp.attribute.resolver.LDAP.connectTimeout}&quot;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
trustFile=&quot;%{idp.attribute.resolver.LDAP.trustCertificates}&quot;<o:p></o:p></p> \
<p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
responseTimeout=&quot;%{idp.attribute.resolver.LDAP.responseTimeout}&quot;&gt;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
&lt;FilterTemplate&gt;<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &lt;![CDATA[<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
%{idp.attribute.resolver.LDAP.searchFilter}<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ]]&gt;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &lt;/FilterTemplate&gt;<o:p></o:p></p> \
<p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&lt;ConnectionPool<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; minPoolSize=&quot;%{idp.pool.LDAP.minSize:3}&quot;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
maxPoolSize=&quot;%{idp.pool.LDAP.maxSize:10}&quot;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
blockWaitTime=&quot;%{idp.pool.LDAP.blockWaitTime:PT3S}&quot;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
validatePeriodically=&quot;%{idp.pool.LDAP.validatePeriodically:true}&quot;<o:p></o:p></p>
 <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
validateTimerPeriod=&quot;%{idp.pool.LDAP.validatePeriod:PT5M}&quot;<o:p></o:p></p> \
<p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
expirationTime=&quot;%{idp.pool.LDAP.idleTime:PT10M}&quot; /&gt;<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &lt;/DataConnector&gt;<o:p></o:p></p> <p \
class="MsoNormal"><o:p>&nbsp;</o:p></p> <p class="MsoNormal">I am getting &quot;Error \
creating bean with name 'fduLDAP': Cannot create inner bean '(inner \
bean)#1afea182&quot;. Our DCs have an InCommon signed cert so I am trying to make use \
of the OS CA store.<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">2024-02-28 14:39:43,251 -&nbsp; - ERROR \
[net.shibboleth.shared.service.AbstractReloadableService:179] - Service \
'shibboleth.AttributeResolverService': Initial load failed<o:p></o:p></p> <p \
class="MsoNormal">net.shibboleth.shared.service.ServiceException: Failed to load \
[file [/opt/shibboleth-idp/conf/attribute-resolver.xml], class path resource \
[net/shibboleth/idp/conf/attribute-resolver-system.xml]]<o:p></o:p></p> <p \
class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
net.shibboleth.shared.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:385)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name 'fduLDAP': Cannot create inner bean '(inner bean)#1afea182' of type \
[org.ldaptive.PooledConnectionFactory] while setting bean property \
'connectionFactory'<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; \
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name '(inner bean)#1afea182': Cannot create inner bean '(inner bean)#7e3ccedb' of \
type [org.ldaptive.ConnectionConfig] while setting bean property  \
'connectionConfig'<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name '(inner bean)#7e3ccedb': Cannot create inner bean '(inner bean)#20e1ce62' of \
type [org.ldaptive.ssl.SslConfig] while setting bean property  \
'sslConfig'<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name '(inner bean)#20e1ce62': Cannot create inner bean '(inner bean)#329cdafa' of \
type [net.shibboleth.idp.attribute.resolver.spring.dc.ldap.impl.CredentialConfigFactoryBean]
  while setting bean property 'credentialConfig'<o:p></o:p></p>
<p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name '(inner bean)#329cdafa': Cannot create inner bean '(inner bean)#1f953e51' of \
type [org.opensaml.spring.credential.BasicX509CredentialFactoryBean]  while setting \
bean property 'trustCredential'<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; \
&nbsp; &nbsp; at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBeanValue(BeanDefinitionValueResolver.java:421)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: \
org.springframework.beans.factory.BeanCreationException: Error creating bean with \
name '(inner bean)#1f953e51': IO error<o:p></o:p></p> <p class="MsoNormal">&nbsp; \
&nbsp; &nbsp; &nbsp; at \
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1770)<o:p></o:p></p>
 <p class="MsoNormal">Caused by: org.cryptacular.StreamException: IO \
error<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
org.cryptacular.util.CertUtil.readCertificateChain(CertUtil.java:328)<o:p></o:p></p> \
<p class="MsoNormal">Caused by: java.io.IOException: extra data at the \
end<o:p></o:p></p> <p class="MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; at \
java.base/sun.security.util.DerValue.&lt;init&gt;(DerValue.java:428)<o:p></o:p></p> \
<p class="MsoNormal"><o:p>&nbsp;</o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">My ldap.properties look like<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">idp.authn.LDAP.authenticator&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp;= adAuthenticator<o:p></o:p></p> <p \
class="MsoNormal">idp.authn.LDAP.ldapURL&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = \
ldaps://adserver1.fdu.edu:3269<o:p></o:p></p> <p \
class="MsoNormal">idp.authn.LDAP.useStartTLS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= false<o:p></o:p></p> <p \
class="MsoNormal">idp.authn.LDAP.connectionStrategy &nbsp; &nbsp; &nbsp;= \
ACTIVE_PASSIVE<o:p></o:p></p> <p class="MsoNormal">idp.authn.LDAP.sslConfig &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;= \
certificateTrust<o:p></o:p></p> <p \
class="MsoNormal">idp.authn.LDAP.trustCertificates.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \
= /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt<o:p></o:p></p> <p \
class="MsoNormal">idp.authn.LDAP.returnAttributes &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp;= *<o:p></o:p></p> <p class="MsoNormal">idp.authn.LDAP.baseDN &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = \
dc=fdu,dc=edu<o:p></o:p></p> <p class="MsoNormal">idp.authn.LDAP.subtreeSearch&nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= true<o:p></o:p></p> <p \
class="MsoNormal">idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)<o:p></o:p></p>
 <p class="MsoNormal">idp.authn.LDAP.bindDN &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = service_account_DN<o:p></o:p></p> \
<p class="MsoNormal">idp.authn.LDAP.dnFormat &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = undefined<o:p></o:p></p> <p \
class="MsoNormal">idp.attribute.resolver.LDAP.exportAttributes&nbsp; &nbsp; = \
sAMAccountName userPrincipalName givenName sn<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.minSize&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = 3<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.maxSize&nbsp; &nbsp; &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; = 10<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.validateOnCheckout &nbsp;&nbsp; &nbsp; = \
false<o:p></o:p></p> <p class="MsoNormal">idp.pool.LDAP.validatePeriodically &nbsp; \
&nbsp;&nbsp; &nbsp; = true<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.validatePeriod &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; = PT5M<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.validateDN &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; =<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.validateFilter &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp;&nbsp; &nbsp;= (objectClass=*)<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.prunePeriod&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp;&nbsp; &nbsp;= PT5M<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.idleTime &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp; = PT10M<o:p></o:p></p> <p \
class="MsoNormal">idp.pool.LDAP.blockWaitTime&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; = PT3S<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">-Chris<o:p></o:p></p>
</div>
</body>
</html>



-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net

--===============6788201936628829762==--

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic