Uwe Wolfinger created CONNECTORS-1644:
-----------------------------------------
Summary: LDAPAuthority.java - group search by dn encoding/escaping
Key: CONNECTORS-1644
URL: https://issues.apache.org/jira/browse/CONNECTORS-1644
Project: ManifoldCF
Issue Type: Bug
Components: LDAP authority
Affects Versions: ManifoldCF 2.15
Reporter: Uwe Wolfinger
I just came across a problem with escaping, when searching groups by dn.
A person has the following dn:
cn=John\2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
which results in:
cn=John\5c2C Doe,ou=Internal,ou=Users,ou=ORG,o=comp
after passing escapeLDAPSearchFilter.
With a groupSearch Filter of "(&(objectClass=groupOfNames)(member=\{0}))" the
String that is sent to the LDAP Server is:
(&(objectClass=groupOfNames)(member=cn=John5c2C
Doe,ou=Internal,ou=Users,ou=ORG,o=comp))
-> this leads to an empty result set, as the \ disappeared.
Changing
String searchFilter = groupSearch.replaceAll("\\\{0\\}", escapedDN);
to
String searchFilter = groupSearch.replace("\{0}", escapedDN);
the following searchFilter is used, which is correct and leads to results:
(&(objectClass=groupOfNames)(member=cn=John\5c2C
Doe,ou=Internal,ou=Users,ou=ORG,o=comp))
So it seems that there is a problem with escaping/encoding when using the regex
based replaceAll method.
Is there a reason to user replaceAll instead of replace at this position? Would
it be a problem, to use the simple string replace method?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
