Icinga / ansible-collection-icinga

Collection to setup and manage components of the Icinga software stack
Apache License 2.0

Icingaweb2 issue when rendering LDAP Filter or LDAP Base DN #301

Closed lucagubler closed 3 months ago

lucagubler commented 3 months ago

Hi all

I'm currently trying to connect Icinga Web to the AD so that employees can log in with their login. Unfortunately, this doesn't quite work with the Ansible Collection. Single quotes are added to the LDAP filter and LDAP base DN, which isn't supposed to happen. When I validate the config in the GUI, I get a "bad search filter" error. If I then manually remove the single quotes, the config validates successfully.

You can see the config below. I also tried removing the single quotes with -:"xyz". But then single quotes are simply added around the whole string...

e.g. filter: -:"(objectClass=*)" -> filter = '-:"(objectClass=*)"'

Here's my config:

icingaweb2_authentication:
  icingaweb_ldap:
    resource: icingaweb_ldap
    filter: (objectClass=*)
    backend: "msldap"
    base_dn: OU=employees, OU=users, OU=prod, DC=ad, DC=example, DC=com

Invalid AD config with single quotes

Valid AD config without single quotes

Donien commented 3 months ago

Hi @lucagubler,

we indeed use single quotes to encapsulate certain strings in .ini files (e.g. those containing '!', '=', etc.). This is wrong though as we should use double quotes instead.

I'll look into this and also search for other parts where this has been implemented incorrectly.

Thanks for letting us know!
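A check for the symptom reported in this thread, as an added example that is not part of the issue or the collection's code: it scans rendered INI text for values wrapped in single quotes and proposes the double-quoted form mentioned in the reply above. The function name `find_single_quoted` and the sample file content are assumptions constructed for illustration.

```python
import re

# Constructed sample of a rendered INI file showing the symptom from the
# report (filter and base_dn wrapped in single quotes). Not real output.
SAMPLE_INI = """\
[icingaweb_ldap]
resource = icingaweb_ldap
filter = '(objectClass=*)'
backend = "msldap"
base_dn = 'OU=employees, OU=users, OU=prod, DC=ad, DC=example, DC=com'
; note = 'comment lines are ignored'
"""

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
# key = 'value' where the whole value is wrapped in single quotes.
SINGLE_QUOTED = re.compile(r"^(?P<key>[^=;#\s][^=]*?)\s*=\s*'(?P<val>.*)'\s*$")


def find_single_quoted(ini_text):
    """Return (section, key, value, suggestion) for each single-quoted value.

    suggestion is the same line with double quotes, or None when the value
    itself contains a double quote and needs a manual decision.
    """
    findings, section = [], None
    for line in ini_text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = SINGLE_QUOTED.match(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        # How embedded double quotes must be escaped is not covered by the
        # thread, so no rewrite is proposed for such values.
        suggestion = f'{key} = "{val}"' if '"' not in val else None
        findings.append((section, key, val, suggestion))
    return findings


if __name__ == "__main__":
    for section, key, val, suggestion in find_single_quoted(SAMPLE_INI):
        print(f"[{section}] {key}: single-quoted value {val!r}")
        print(f"    suggested: {suggestion or 'review manually'}")
```

Running it against the files the role writes after a deployment lists every key that would still need the manual edit described in the report.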