Bug 652800
| Summary: | Unable to use parentheses in search filters for LDAP configuration | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Marc Shirley <mshirley> | ||||
| Component: | Core Server | Assignee: | RHQ Project Maintainer <rhq-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Sunil Kondkar <skondkar> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | JON 3.1.2 | CC: | fbrychta, jshaughn, loleary, miburman, skondkar, spinder, tfonteyn | ||||
| Target Milestone: | ER01 | Keywords: | Improvement, TestCaseNeeded | ||||
| Target Release: | JON 3.3.3 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Enhancement | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-07-30 16:41:16 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Marc Shirley
2010-11-12 19:53:16 UTC
It would be nice to be a little more lax in this case since I would expect the extra brackets are ignored by most ldap query tools, and we should aim to act similarly here. FutureFeature Improvement We have hit this now also with JON 3.1.2 and newer versions of Java.
In older versions of Java this failed silently and no groups were returned.
In newer versions, we tested with 1.6.0_45 and 1.7.0_17, Java actually will throw an exception:
ERROR [org.rhq.enterprise.server.resource.group.LdapGroupManagerBean] The ldap group filter defined is invalid
javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'dc=jbossuk,dc=redhat,dc=com'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
Simeon, any idea of this was ever enhaced? We have not yet fixed/relaxed this handling. It should just be a matter of checking for brackets and not adding them when they are already there with the underlying query. I suspect the customers would like to add more complicated LDAP group logic here. Currently focused on JON 3.3 so not sure how soon we'll get to this. This is considered a bug as parenthesis are a standard part of a directory search query. The problem here is that JBoss ON is adding parenthesis when it shouldn't. As comment 5 indicates, the expected behavior here is if no parenthesis are provided by the user/configuration, they get implicitly added. This looks like a duplicate of BZ 784164, which was fixed. Can someone verify that the bug really exists in JON 3.3? Verified on JBoss ON 3.3.3 ER01 build and Windows server 2008 active directory. In LDAP configuration, set Group Search Filter property to (objectclass=group) The LDAP configuration is saved successfully without exception. Results are returned while attempting to assign LDAP groups to roles. Also verified that the results filter in available groups is working. Please refer the attached screenshot. Created attachment 1051704 [details]
Screenshot
Test case added: https://tcms.engineering.redhat.com/run/253435/#caserun_10357781 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1525.html |