LDAP queries fail if filter contains special characters in EPP 5

Solution Verified - Updated -

Issue

  • We have configured EPP 5 to point to our LDAP server. On certain pages, no entries are being returned.
    When we enable DEBUG level logging for the 'org.picketlink.idm' package, we can see that the following LDAP query fails:
    FINER [org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl] org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl[PortalLDAPStore].findIdentityObject with name: !(demo_user) !(0; and type: SimpleIdentityObjectType{name='USER'}
    FINER [org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl] Exception occurred: 
    javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=People,o=acme,dc=example,dc=com'

            at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:124)
            at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
            at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
            at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
            at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
            at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
            at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
            at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.searchLDAP(LDAPIdentityStoreImpl.java:3528)
            at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.searchIdentityObjects(LDAPIdentityStoreImpl.java:3375)
            at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:606)
            at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:552)
            at org.picketlink.idm.impl.api.session.managers.PersistenceManagerImpl.findUser(PersistenceManagerImpl.java:426)

The identity object in the above query is an entry in our LDAP system, and there might be others which include characters such as parentheses in the name.
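The failure above is what happens when a value is embedded in an LDAP search filter without escaping. Added example, not code from this article or from PicketLink: it escapes a value per RFC 4515 before building the filter, and a small parenthesis-balance check (a stand-in for the JNDI validation that threw InvalidSearchFilterException) shows the raw name failing and the escaped name passing. The `(uid=...)` attribute and the sample name are assumptions.

```python
# Added example (not from the knowledgebase article or PicketLink): shows why an
# unescaped identity name such as "!(demo_user) !(0" produces an unbalanced
# LDAP filter, and how RFC 4515 value escaping fixes it. The same escaping also
# stops a value like "*" from turning into a wildcard match.

# Characters that must be escaped inside an LDAP filter *value* (RFC 4515 §3).
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter(uid: str, escape: bool = True) -> str:
    """Build a (uid=...) filter; escape=False reproduces the broken behaviour."""
    return f"(uid={escape_filter_value(uid) if escape else uid})"


def is_balanced(filter_str: str) -> bool:
    """Minimal check modelled on the parenthesis validation a JNDI client does:
    every '(' needs a matching ')', and escaped bytes such as \\28 / \\29 are
    literal characters that do not open or close a group."""
    depth = 0
    i = 0
    while i < len(filter_str):
        ch = filter_str[i]
        if ch == "\\":      # escaped byte: skip the backslash and two hex digits
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:   # closing paren with nothing open
                return False
        i += 1
    return depth == 0


if __name__ == "__main__":
    name = "!(demo_user) !(0"   # constructed; same shape as the name in the log above
    raw, safe = build_uid_filter(name, escape=False), build_uid_filter(name)
    print(raw, "balanced:", is_balanced(raw))    # -> unbalanced, as in the exception
    print(safe, "balanced:", is_balanced(safe))  # -> escaped value, filter is valid
```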

Environment

  • JBoss Enterprise Portal Platform (EPP)
    • 5.0.1
