-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: ManifoldCF 2.15
-
Fix Version/s: ManifoldCF 2.17
-
Component/s: LDAP authority
-
Labels:None
I just came across a problem with escaping, when searching groups by dn.
A person has the following dn:
cn=John\2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
which results in:
cn=John\5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
after passing escapeLDAPSearchFilter.
With a groupSearch Filter of "(&(objectClass=groupOfNames)(member={0}))" the String that is sent to the LDAP Server is:
(&(objectClass=groupOfNames)(member=cn=John5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp))
-> this leads to an empty result set, as the \ disappeared.
Changing
String searchFilter = groupSearch.replaceAll("\\\{0
}", escapedDN);
to
String searchFilter = groupSearch.replace("{0}", escapedDN);
the following searchFilter is used, which is correct and leads to results:
(&(objectClass=groupOfNames)(member=cn=John\5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp))
So it seems that there is a problem with escaping/encoding when using the regex based replaceAll method.
Is there a reason to user replaceAll instead of replace at this position? Would it be a problem, to use the simple string replace method?