Bug 784164
| Summary: | LDAP - Group filter if wrapped in () causes trouble | |||
|---|---|---|---|---|
| Product: | [Other] RHQ Project | Reporter: | Elias Ross <genman> | |
| Component: | Core UI | Assignee: | Heiko W. Rupp <hrupp> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 4.3 | CC: | hrupp | |
| Target Milestone: | --- | |||
| Target Release: | RHQ 4.5.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 830892 (view as bug list) | Environment: | ||
| Last Closed: | 2013-09-01 10:12:47 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 830892 | |||
12/30/2012 BZ triage meeting mfoley, ccrouch, loleary, asantos RFC 2254 defines the syntax http://tools.ietf.org/html/rfc2254 Section 4 gives the grammar and this supports your analysis master f68af16fc6299 Bulk closing of items that are on_qa and in old RHQ releases, which are out for a long time and where the issue has not been re-opened since. |
Description of problem: Splunk supports an LDAP configuration key like this: groupBaseFilter = (|(cn=some-org-all)(cn=SplunkAdmin)(cn=some-ops)(cn=OurNOC)) This attribute cuts down on what's displayed on the role mapping screen on Splunk. RHQ seems to fail with this, but does support something similar to: groupBaseFilter = |(cn=some-org-all)(cn=SplunkAdmin)(cn=some-ops)(cn=OurNOC) Version-Release number of selected component (if applicable): 4.3 The LDAP test program shows something like: **Verbose:debug ---- stack trace reference:javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'dc=xxx,dc=com' The problem code: modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java if ((groupFilter != null) && (!groupFilter.trim().isEmpty())) { String filter = String.format("(%s)", groupFilter); ^^^ return buildGroup(systemConfig, filter); } () should not be added if there is () already. Note: I also don't see anything logged in rhq-server-log4j.log when this fails. Is this something bizarre about the logging configuration? Mine is out-of-the-box.