LDAP queries fail if filter contains special characters in EPP 5
Issue
- We have configured EPP 5 to point to our LDAP server. On certain pages, no entries are being returned.
When we enable DEBUG level logging for the 'org.picketlink.idm' package, we can see that the following LDAP query fails:
FINER [org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl] org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl[PortalLDAPStore].findIdentityObject with name: !(demo_user) !(0; and type: SimpleIdentityObjectType{name='USER'}
FINER [org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl] Exception occurred:
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=People,o=acme,dc=example,dc=com'
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:124)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.searchLDAP(LDAPIdentityStoreImpl.java:3528)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.searchIdentityObjects(LDAPIdentityStoreImpl.java:3375)
at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:606)
at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:552)
at org.picketlink.idm.impl.api.session.managers.PersistenceManagerImpl.findUser(PersistenceManagerImpl.java:426)
The identity object in the above query is an entry in our LDAP system, and there might be others which include characters such as parentheses in the name.
Environment
- JBoss Enterprise Portal Platform (EPP)
- 5.0.1