Directory Client API / DIRAPI-64

Relax LDAP filtering checks to allow trivial filters without parentheses

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.0-M8
    • Fix Version/s: 1.0.0-M11
    • Labels:
      None

      Description

      When using a filter in either a simple search or an LDAP URL, the filter is checked against a strict format which requires starting and ending with parentheses.

      I suggest relaxing the LDAP filtering syntax to also accept search filters without any parentheses, like cn=Pierre or mail=*

      Thanks,

        Activity

        Pierre-Arnaud Marcelot added a comment -

        Scheduled this issue for the next version.

        Emmanuel Lecharny added a comment -

        To be clear: we can remove the global enclosing parentheses, but nothing more.

        Pierre-Arnaud Marcelot added a comment -

        Yeah, indeed. That's what I thought too.

        It should allow us to use these kinds of filters:

        • attr=value
        • &(attr1=value1)(attr2=value2)
        Sebastien Bahloul added a comment -

        Hi,

        I agree with the first one: attr=value
        but I wouldn't with the second sample because I think that this format
        should be enclosed in parentheses.

        Regards,

        Sebastien BAHLOUL
        IAM / Security specialist
        Ldap Synchronization Connector : http://lsc-project.org
        Blog : http://sbahloul.wordpress.com/

        2011/11/22 Pierre-Arnaud Marcelot (Commented) (JIRA) <jira@apache.org>

        Emmanuel Lecharny added a comment -

        FTR, why is a filter with enclosing parentheses a problem, even for simple forms?

        Alex Karasulu added a comment -

        I don't think this is worth messing with our parser or the API. If something like this needs to be done it can be handled by the callers of the API code. Like for example studio might allow for this but it's not something that should seep into our API.

        How hard is it anyway to educate someone to add an opening and closing parenthesis to foo=bar anyways?

        Sebastien Bahloul added a comment -

        Hi Emmanuel,

        It is not a problem, just a facility regarding the existing use that
        devs/admins may already have with other APIs.

        Regards,


        Sebastien BAHLOUL
        IAM / Security specialist
        Ldap Synchronization Connector : http://lsc-project.org
        Blog : http://sbahloul.wordpress.com/

        2011/11/22 Emmanuel Lecharny (Commented) (JIRA) <jira@apache.org>

        Emmanuel Lecharny added a comment -

        That's my point: which (crappy) LDAP API allows someone to use a filter without enclosing parentheses?

        PS: allowing a filter without parentheses is just a matter of 5 minutes, Alex. I already modified the code, it works, I just want to be sure that it is worth the pain...

        Pierre-Arnaud Marcelot added a comment -

        @Sébastien: Why not? It makes sense on both examples to me.

        @Alex: I agree with you, Alex, in the sense that adding a starting and closing parenthesis isn't something very complicated.
        But, since we're releasing this API to facilitate the work with LDAP server, I really think it makes sense that in a few parts we can make things a little easier for the casual user, the one who does not follow strict RFCs (or has been corrupted in his mind by other vendors who authorized this in their servers...).

        Alex Karasulu added a comment -

        @elecharny: He he he thought you'd think the same you ol dawg.

        @PAM: Yah I understand the compromise, I'll leave it up to y'all to decide but it just irritates me as you probably understand. It's like Porsche making an SUV ... I instantly lost respect for them doing that so moms can drive their kids to school in Porsches. I'd rather have the weenies have a hard time. Know what I mean? Anyways seems it was cake for Emm to implement ... I'm a -0 on the pseudo vote here. Ain't gonna kill nobody if we get caught at the gym wearing black socks in shorts.

        Daniel Fisher added a comment -

        JNDI is the only API I'm aware of that allows invalid filters.
        Clients can easily handle this themselves:

        if (!filter.startsWith("(")) filter = String.format("(%s)", filter);
        

        -1 for supporting this in the client API.

        Emmanuel Lecharny added a comment -

        Seems like there is a bug in JNDI which has been fixed since then:
        http://bugs.sun.com/view_bug.do?bug_id=6916202

        Filters like &(objectClass=)(uid=) were accepted, and should not be accepted anymore in JNDI.

        This makes me think that allowing a filter without enclosing parentheses is not necessarily a good idea.

        Too bad for those who have used such bad data structure ...

        Emmanuel Lecharny added a comment -

        Not necessary. JNDI was buggy, it has been fixed.
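
Added example (not part of the thread and not Apache Directory LDAP API code): the caller-side approach discussed above, in Java, adding only the global enclosing parentheses and then checking the result with a simplified structural check rather than a full RFC 4515 parser. The class name `FilterNormalizer` and the sample inputs are assumptions made for illustration.

```java
import java.util.List;

// Added example, not Apache Directory API code. FilterNormalizer is a hypothetical name.
public class FilterNormalizer {
    /** Adds only the outermost parentheses, then rejects anything malformed. */
    static String normalize(String filter) {
        String f = filter.trim();
        if (!f.startsWith("(")) f = "(" + f + ")";
        if (parseFilter(f, 0) != f.length())
            throw new IllegalArgumentException("trailing data after filter: " + f);
        return f;
    }

    /** Parses one "(...)" filter at pos; returns the index just past its ')'. */
    private static int parseFilter(String f, int pos) {
        if (pos + 1 >= f.length() || f.charAt(pos) != '(') throw bad(f, pos);
        char c = f.charAt(++pos);
        if (c == '&' || c == '|' || c == '!') {
            pos++;
            int count = 0;
            while (pos < f.length() && f.charAt(pos) == '(') {
                pos = parseFilter(f, pos);
                count++;
            }
            if (count == 0 || (c == '!' && count != 1)) throw bad(f, pos);
        } else {
            // Simple item: attribute, an operator containing '=', then a value.
            // Raw '(' or ')' end the item; RFC 4515 requires them escaped in values.
            int start = pos;
            while (pos < f.length() && f.charAt(pos) != '(' && f.charAt(pos) != ')') pos++;
            int eq = f.indexOf('=', start);
            if (eq <= start || eq >= pos) throw bad(f, pos);
        }
        if (pos >= f.length() || f.charAt(pos) != ')') throw bad(f, pos);
        return pos + 1;
    }

    private static IllegalArgumentException bad(String f, int pos) {
        return new IllegalArgumentException("malformed filter at index " + pos + ": " + f);
    }

    public static void main(String[] args) {
        // Constructed inputs; the first three are the forms proposed in the thread.
        for (String in : List.of("cn=Pierre", "mail=*", "&(attr1=value1)(attr2=value2)",
                "(cn=Pierre)", "(a=b)(c=d)", "cn=a)(uid=*", "&")) {
            try { System.out.println(in + " -> " + normalize(in)); }
            catch (IllegalArgumentException e) { System.out.println(in + " -> rejected: " + e.getMessage()); }
        }
    }
}
```

The last three inputs are rejected: a `startsWith("(")` test alone passes `(a=b)(c=d)` through unchanged, and wrapping `cn=a)(uid=*` yields two adjacent filters, so the structural check after wrapping is what keeps malformed input away from the server.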


          People

          • Assignee: Unassigned
          • Reporter: Sebastien Bahloul