This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 784164

Summary: LDAP - Group filter if wrapped in () causes trouble
Product: [Other] RHQ Project Reporter: Elias Ross <genman>
Component: Core UIAssignee: Heiko W. Rupp <hrupp>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 4.3CC: hrupp
Target Milestone: ---   
Target Release: RHQ 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 830892 (view as bug list) Environment:
Last Closed: 2013-09-01 06:12:47 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 830892    

Description Elias Ross 2012-01-23 22:59:03 EST
Description of problem:

Splunk supports an LDAP configuration key like this:

groupBaseFilter = (|(cn=some-org-all)(cn=SplunkAdmin)(cn=some-ops)(cn=OurNOC))

This attribute cuts down on what's displayed on the role mapping screen on Splunk. RHQ seems to fail with this, but does support something similar to:

groupBaseFilter = |(cn=some-org-all)(cn=SplunkAdmin)(cn=some-ops)(cn=OurNOC)

Version-Release number of selected component (if applicable): 4.3

The LDAP test program shows something like:
**Verbose:debug ---- stack trace reference:javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'dc=xxx,dc=com'

The problem code:

modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java

        if ((groupFilter != null) && (!groupFilter.trim().isEmpty())) {
            String filter = String.format("(%s)", groupFilter);
^^^
            return buildGroup(systemConfig, filter);
        }

() should not be added if there is () already.

Note: I also don't see anything logged in rhq-server-log4j.log when this fails. Is this something bizarre about the logging configuration? Mine is out-of-the-box.
Comment 1 Mike Foley 2012-01-30 11:22:05 EST
12/30/2012 BZ triage meeting mfoley, ccrouch, loleary, asantos
Comment 2 Heiko W. Rupp 2012-06-06 04:12:41 EDT
RFC 2254 defines the syntax http://tools.ietf.org/html/rfc2254

Section 4 gives the grammar and this supports your analysis
Comment 3 Heiko W. Rupp 2012-06-06 07:54:40 EDT
master f68af16fc6299
Comment 4 Heiko W. Rupp 2013-09-01 06:12:47 EDT
Bulk closing of items that are on_qa and in old RHQ releases, which are out for a long time and where the issue has not been re-opened since.