Uploaded image for project: 'ManifoldCF'
  1. ManifoldCF
  2. CONNECTORS-1644

LDAPAuthority.java - group search by dn encoding/escaping

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ManifoldCF 2.15
    • Fix Version/s: ManifoldCF 2.17
    • Component/s: LDAP authority
    • Labels:
      None

      Description

      I just came across a problem with escaping, when searching groups by dn.

      A person has the following dn:
      cn=John\2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
      which results in:
      cn=John\5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
      after passing escapeLDAPSearchFilter.
      With a groupSearch Filter of "(&(objectClass=groupOfNames)(member={0}))" the String that is sent to the LDAP Server is:
      (&(objectClass=groupOfNames)(member=cn=John5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp))
      -> this leads to an empty result set, as the \ disappeared.
      Changing
      String searchFilter = groupSearch.replaceAll("\\\{0
      }", escapedDN);
      to
      String searchFilter = groupSearch.replace("{0}", escapedDN);
      the following searchFilter is used, which is correct and leads to results:
      (&(objectClass=groupOfNames)(member=cn=John\5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp))

      So it seems that there is a problem with escaping/encoding when using the regex based replaceAll method.

      Is there a reason to user replaceAll instead of replace at this position? Would it be a problem, to use the simple string replace method?

        Attachments

          Activity

            People

            • Assignee:
              kwright@metacarta.com Karl Wright
              Reporter:
              wolfingeru Uwe Wolfinger
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: