inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

filter parse error for nested parenthesis in distinguished name #111

Closed TomerCohen95 closed 1 year ago

TomerCohen95 commented 1 year ago

While trying to search

```rust
let base = "dc.domain.test.local";
let scope = Scope::Subtree;
// Filter exactly as reported: the parentheses around "Tomer" are not escaped.
let filter = "(|(distinguishedName=CN=User102 (Tomer), CN=Users,DC=domain1,DC=test,DC=local (distinguishedName=CN=User1020,CN=Users,DC=domain1,DC=test,DC=local))";
let attrs = MY_ATTRS.map(|s| s.to_string()).to_vec();

self.ldap.search(base, scope, filter, attrs).await?;
```

We are getting a filter parse error, which is caused by the (Tomer) in the first distinguished name. When removing the parentheses or switching to `\28Tomer\29`, the request succeeds.

When using ldp.exe to send the request, the filter works just as it is in the example.

dequbed commented 1 year ago

ldap3 behaves correctly (that is, according to RFC 4515) here. The 'value' side of a filter must not contain ASCII NUL, parentheses or an asterisk; those need to be backslash-escaped, as you already noted.

inejge commented 1 year ago

As @dequbed said: parentheses in a filter literal must be hex-escaped. The ldap_escape() function does this.
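The escaping discussed in this thread, as an added example that is not part of the original issue or of ldap3's code: each DN is escaped as a filter value before the OR filter is assembled, so the only raw parentheses left are structural. The function names are hypothetical and `escape_filter_value` is a std-only stand-in for the `ldap_escape()` function mentioned above; the sample DNs are constructed from the ones in the report.

```rust
// Added illustration; std-only stand-in for ldap3's ldap_escape().
// All function names here are hypothetical, not part of the ldap3 API.

/// Hex-escape the characters RFC 4515 does not allow raw in a filter value.
fn escape_filter_value(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for c in value.chars() {
        match c {
            '\0' => out.push_str("\\00"),
            '(' => out.push_str("\\28"),
            ')' => out.push_str("\\29"),
            '*' => out.push_str("\\2a"),
            '\\' => out.push_str("\\5c"),
            _ => out.push(c),
        }
    }
    out
}

/// Build (|(distinguishedName=dn1)(distinguishedName=dn2)...) with every DN escaped.
fn dn_or_filter(dns: &[&str]) -> String {
    let mut filter = String::from("(|");
    for dn in dns {
        filter.push_str("(distinguishedName=");
        filter.push_str(&escape_filter_value(dn));
        filter.push(')');
    }
    filter.push(')');
    filter
}

/// Count raw '(' and ')': after escaping, these are structural only.
fn structural_parens(filter: &str) -> (usize, usize) {
    (filter.matches('(').count(), filter.matches(')').count())
}

fn main() {
    // Constructed sample DNs modelled on the ones in the report.
    let dns = [
        "CN=User102 (Tomer),CN=Users,DC=domain1,DC=test,DC=local",
        "CN=User1020,CN=Users,DC=domain1,DC=test,DC=local",
    ];
    let filter = dn_or_filter(&dns);
    println!("{}", filter);
    println!("{:?}", structural_parens(&filter));
}
```

Escaping is applied to each value, never to the assembled filter, since escaping the whole string would also encode the structural parentheses.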