Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7041125

LDAP API does not catch malformed filters that contain two operands for the ! operator

XMLWordPrintable

    • b25
    • generic
    • generic
    • Verified

        The following filter validates OK with 6u24 but an OpenLDAP library throws error.

        The filter in question is:
           (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))

        The issue is due to the misplacement of a parenthesis the second"!" is given two operands.

        The filter should be rewriiten as:
          
        (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))
         
        The open LDAP library Openldap-2_4_19 throws the following error message:

        13:33:20.526 |LDAP Search complete. Code: -7|*^*^*
        13:33:20.526 |Failed to find user in directory: LDAP code: -7|*^*^*
        13:33:20.526 |LDAP failure getting user entry: Bad search filter|*^*^

              coffeys Sean Coffey
              aperumai Asok Perumainar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: