JON is not retrieving LDAP groups (or throws javax.naming.directory.InvalidSearchFilterException) when Group Search Filter contains parentheses

Solution Verified - Updated -

Issue

  • No groups are available in role definition page
  • LDAP groups are not being retrieved
  • potentially an exception is thrown: 
org.rhq.enterprise.server.exception.LdapFilterException:The ldap group filter defined is invalid  invalid attribute description

and/or

[org.rhq.enterprise.server.resource.group.LdapGroupManagerBean] The ldap group filter defined is invalid
javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'dc=jbossuk,dc=redhat,dc=com'
        at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
        at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
        at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        ...
  • I see a red error box saying Failed to load LDAP groups available for role on the Role Definition Screen

Environment

  • Red Hat JBoss Operations Network (ON)
    • 2.4.x
    • 3.0.x
    • 3.1.x
  • LDAP Group Search Filter contains parenthesis, examples:
  (objectclass=groupOfUniqueNames)

  (&(objectclass=Group)(name=London*))

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.