JON is not retrieving LDAP groups (or throws javax.naming.directory.InvalidSearchFilterException) when Group Search Filter contains parentheses

Solution Verified - Updated -

Issue

  • No groups are available in role definition page
  • LDAP groups are not being retrieved
  • potentially an exception is thrown:
org.rhq.enterprise.server.exception.LdapFilterException:The ldap group filter defined is invalid  invalid attribute description

and/or

[org.rhq.enterprise.server.resource.group.LdapGroupManagerBean] The ldap group filter defined is invalid
javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'dc=jbossuk,dc=redhat,dc=com'
        at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
        at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
        at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        ...
  • I see a red error box saying Failed to load LDAP groups available for role on the Role Definition Screen

Environment

  • Red Hat JBoss Operations Network (ON)
    • 2.4.x
    • 3.0.x
    • 3.1.x
  • LDAP Group Search Filter contains parenthesis, examples:
  (objectclass=groupOfUniqueNames)

  (&(objectclass=Group)(name=London*))

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content