LDAP group search filter does not escape special characters #206

@ivan-gomes

https://github.com/Open-MBEE/mms/blob/3b4c6c53e5f8ea04e93be7e52ef2c87cec0e8141/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java#L187-L188

Since this is a HardcodedFilter, MMS needs to explicitly encode the value of userDn for search filter special characters, e.g. \, (, ). This is typically handled for the developer in the other Filter subtypes, but is not in HardcodedFilter as implied by the name.

Example:
userDn = "cn=Smith\, Jane,ou=People,dc=example,dc=com" currently results in a filter = (&(uniqueMember=cn=Smith\, Jane,ou=People,dc=example,dc=com)(|(cn=everyone)(cn=The Smiths)...)). This value of filter erroneously results in a null set ([]) even when Smith, Jane belongs to The Smiths group. The desired filter = (&(uniqueMember=cn=Smith\5c, Jane,ou=People,dc=example,dc=com)(|(cn=everyone)(cn=The Smiths)...)) - note the \5c escaping which results in [The Smith] when Smith, Jane belongs to The Smiths group.
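
One way to apply the encoding this issue asks for, as an added example that is not the MMS project's code. It assumes spring-ldap-core is on the classpath and uses Spring LDAP's `LdapEncoder.filterEncode` and `EqualsFilter`; the class name, method names and the second sample DN are constructed for illustration.

```java
import java.util.List;

import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.filter.OrFilter;
import org.springframework.ldap.support.LdapEncoder;

// Hypothetical demo class; "uniqueMember" and the group names come from the issue text.
public class GroupFilterDemo {

    // Current behaviour described in the issue: the DN is pasted in verbatim.
    static String unescaped(String attr, String userDn, List<String> groups) {
        return build(new HardcodedFilter("(" + attr + "=" + userDn + ")"), groups);
    }

    // Fix A: keep HardcodedFilter, but encode the value for search-filter syntax first.
    static String encodedHardcoded(String attr, String userDn, List<String> groups) {
        String value = LdapEncoder.filterEncode(userDn);
        return build(new HardcodedFilter("(" + attr + "=" + value + ")"), groups);
    }

    // Fix B: use a Filter subtype that encodes its value itself.
    static String viaEqualsFilter(String attr, String userDn, List<String> groups) {
        return build(new EqualsFilter(attr, userDn), groups);
    }

    // (&(<membership>)(|(cn=g1)(cn=g2)...)) as in the issue's example filter.
    private static String build(Filter membership, List<String> groups) {
        OrFilter anyGroup = new OrFilter();
        for (String group : groups) {
            anyGroup.or(new EqualsFilter("cn", group)); // group names are encoded too
        }
        return new AndFilter().and(membership).and(anyGroup).encode();
    }

    public static void main(String[] args) {
        List<String> groups = List.of("everyone", "The Smiths");
        String[] userDns = {
            "cn=Smith\\, Jane,ou=People,dc=example,dc=com",  // DN from the issue
            "cn=Smith (Jane)*,ou=People,dc=example,dc=com"   // constructed: parentheses and '*'
        };
        for (String dn : userDns) {
            System.out.println("unescaped : " + unescaped("uniqueMember", dn, groups));
            System.out.println("fix A     : " + encodedHardcoded("uniqueMember", dn, groups));
            System.out.println("fix B     : " + viaEqualsFilter("uniqueMember", dn, groups));
        }
    }
}
```

Fix A and fix B should print identical filters for each DN; the second DN shows that parentheses and `*` in a DN also change the filter's structure when left unencoded, not only the backslash.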

Labels: bug (Something isn't working)