Ldap Shibboleth IDP无法解析属性

我有一个配置为使用Zentyal 5进行身份验证的Shibboleth IDP，我可以使用有效用户进行身份验证，但IDP无法解析属性

我可以从下面的日志中看到，找到了属性，但没有得到解决

***********************找到的属性*****************************

10:41:26.940 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal edison
10:41:26.940 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal edison were not requested, resolving all attributes.
10:41:26.941 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute employeeType for principal edison
10:41:26.942 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector myLDAP for principal edison
10:41:26.961 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:308] - Search filter: (sAMAccountName=edison)
10:41:26.961 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:363] - LDAP data connector myLDAP - Retrieving attributes from LDAP
10:41:27.004 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: lastlogontimestamp[131406840205649190]
10:41:27.005 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: countrycode[0]
10:41:27.005 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: givenname[Edison]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: whenchanged[20170531060020.0Z]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: lastlogoff[0]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: instancetype[4]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: codepage[0]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: uidnumber[65536]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: usncreated[3827]
10:41:27.006 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: quota[500]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: usnchanged[3866]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: logoncount[0]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: badpwdcount[0]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: whencreated[20170505111349.0Z]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: description[Testing]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: name[Edison Trutwein]
10:41:27.007 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: objectcategory[CN=Person,CN=Schema,CN=Configuration,DC=list,DC=test]
10:41:27.042 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: homedirectory[/home/edison]
10:41:27.042 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: objectclass[organizationalPerson, person, posixAccount, systemQuotas, user, top]
10:41:27.058 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: sn[Trutwein]
10:41:27.058 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: useraccountcontrol[512]
10:41:27.058 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: lastlogon[0]
10:41:27.075 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: pwdlastset[131406013011869710]
10:41:27.076 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: samaccounttype[805306368]
10:41:27.076 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: badpasswordtime[0]
10:41:27.076 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: gidnumber[2513]
10:41:27.079 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: distinguishedname[CN=Edison Trutwein,CN=Users,DC=list,DC=test]
10:41:27.079 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: cn[Edison Trutwein]
10:41:27.079 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: entrydn[CN=Edison Trutwein,CN=Users,DC=list,DC=test]
10:41:27.217 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: primarygroupid[513]
10:41:27.218 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: samaccountname[edison]
10:41:27.218 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: objectsid[ֹP<ψ0�vQ]
10:41:27.218 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: accountexpires[9223372036854775807]
10:41:27.232 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: userprincipalname[edison@list.TEST]
10:41:27.232 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: objectguid[�����H�.����]
10:41:27.232 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector myLDAP - Found the following attribute: displayname[Edison Trutwein]
10:41:27.258 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute employeeType containing 0 values
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute uid for principal edison
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute uid containing 0 values
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonPrincipalName for principal edison

10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonPrincipalName containing 0 values
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonAffiliation for principal edison
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonAffiliation containing 0 values
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal edison
10:41:27.259 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 0 values
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute commonName for principal edison
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute commonName containing 1 values
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonPrimaryAffiliation for principal edison
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonPrimaryAffiliation containing 0 values
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute ou for principal edison
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute ou containing 0 values
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal edison
10:41:27.260 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:97] - Building transient ID for request _c05cefd016e7d0d25848181edd085a43; outbound message issuer: https://10.1.50.11:8443/idp/shibboleth, inbound message issuer: https://10.1.50.11/shibboleth, principal identifer: edison
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:115] - Created transient ID _cc940ddd05433be9a8289a4a563b29d3 for request _c05cefd016e7d0d25848181edd085a43
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute transientId containing 1 values
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute surname for principal edison
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute surname containing 1 values
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute o for principal edison
10:41:27.261 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute o containing 0 values
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonPrimaryOrgUnitDN for principal edison
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonPrimaryOrgUnitDN containing 0 values
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute givenName for principal edison
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute givenName containing 0 values
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute memberOf for principal edison
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute memberOf containing 0 values
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonNickname for principal edison
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonNickname containing 0 values
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute preferredLanguage for principal edison
10:41:27.262 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute preferredLanguage containing 0 values
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonTargetedID for principal edison
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector computedID for principal edison
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.ComputedIDDataConnector:121] - Source attribute sAMAccountName for connector computedID provide no values
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonTargetedID containing 0 values
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonOrgDN for principal edison
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonOrgDN containing 0 values
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonOrgUnitDN for principal edison
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonOrgUnitDN containing 0 values
10:41:27.263 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute departmentNumber for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute departmentNumber containing 0 values
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute sAMAccountName for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute sAMAccountName containing 0 values
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute jpegPhoto for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute jpegPhoto containing 0 values
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute eduPersonEntitlement for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute eduPersonEntitlement containing 0 values
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute displayName for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute displayName containing 0 values
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute employeeNumber for principal edison
10:41:27.264 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute employeeNumber containing 0 values
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute uid from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonAffiliation from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonPrincipalName from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonPrimaryAffiliation from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute surname has 1 values after post-processing
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute givenName from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute memberOf from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonNickname from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute preferredLanguage from resolution result for principal edison.  It contains no values.
10:41:27.265 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonOrgDN from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute sAMAccountName from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonEntitlement from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute employeeType from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute commonName has 1 values after post-processing
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute mail from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute ou from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute transientId has 1 values after post-processing
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute o from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonPrimaryOrgUnitDN from resolution result for principal edison.  It contains no values.
10:41:27.266 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonTargetedID from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute eduPersonOrgUnitDN from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute departmentNumber from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute jpegPhoto from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute employeeNumber from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:455] - Removing attribute displayName from resolution result for principal edison.  It contains no values.
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal edison, the attributes: [surname, commonName, transientId]
10:41:27.267 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 3 attributes for principal edison
10:41:27.268 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releaseTransientIdToAnyone is active for principal edison
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute eduPersonPrincipalName for principal edison
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute ou for principal edison
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute o for principal edison
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute memberOf for principal edison
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute surname has 1 values after filtering
10:41:27.269 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute commonName has 1 values after filtering
10:41:27.270 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute transientId has 1 values after filtering
10:41:27.270 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:114] - Filtered attributes for principal edison.  The following attributes remain: [surname, commonName, transientId]

---

我能够解决这个问题，但在attribute-resolver.xml和attribute-filter.xml文件中提供了正确的映射。现在属性已被解析，但Shibboleth SP未读取它们：（

attribute-resolver.xml中的id应与attribute-filter.xml中的attributeID匹配

属性解析程序.xml

<resolver:AttributeDefinition xsi:type="ad:Simple" id="sAMAccountName"  sourceAttributeID="samaccountname">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:samaccountname" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.2.840.113556.1.4.221" friendlyName="samaccountname" />
</resolver:AttributeDefinition>

attribute-filter.xml

<afp:AttributeRule attributeID="sAMAccountName">
   <afp:PermitValueRule xsi:type="basic:ANY"/>
</afp:AttributeRule>

这些属性是否在LDAP条目中设置了值？是的，LDAP中有值，请参阅显示找到值的第一组日志。是的，我已经阅读了您的日志，这就是为什么我询问未解析的属性是否在条目中有值的原因……因为第一行日志说：

主体edison的特定属性没有设置请求，解析所有属性。

这可能意味着为用户的objectClass请求架构的每个属性，甚至是未设置的属性…因此

包含0个值

，这可能是绝对逻辑的

调试

日志是解析所有属性，但我猜还有一个匹配，它的没有得到价值。