Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7041125

LDAP API does not catch malformed filters that contain two operands for the ! operator

    XMLWordPrintable

Details

    • b25
    • generic
    • generic
    • Verified

    Backports

      Description

        The following filter validates OK with 6u24 but an OpenLDAP library throws error.

        The filter in question is:
           (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))

        The issue is due to the misplacement of a parenthesis the second"!" is given two operands.

        The filter should be rewriiten as:
          
        (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))
         
        The open LDAP library Openldap-2_4_19 throws the following error message:

        13:33:20.526 |LDAP Search complete. Code: -7|*^*^*
        13:33:20.526 |Failed to find user in directory: LDAP code: -7|*^*^*
        13:33:20.526 |LDAP failure getting user entry: Bad search filter|*^*^

        Attachments

          Issue Links

            Activity

              People

                coffeys Sean Coffey
                aperumai Asok Perumainar (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: