search

snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0
11.09k stars 3.18k forks source link

ldap_search(): Search: Bad search filter #11979

Open Speed1 opened 2 years ago

Speed1 commented 2 years ago

Debug mode

Describe the bug

Hi,

since upgraded from 5.4 to 6.0.11 my LDAP Filter query doesn't work anymore. The Filter queries all users of an Active Directory group.

My LDAP Filter query:memberof:1.2.840.113556.1.4.1941:=<groupDN> Error Test LDAP Login: ldap_search(): Search: Bad search filter User error on login: Error The username or password is incorrect.

When I replace the LDAP Filter query with the suggested one &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)) everything works as expected.

Test LDAP sync works as expected.

Let me know if you need further info.

Reproduction steps

  1. Setup LDAP in SnipeIT
  2. Create an Active Directory Group
  3. As LDAP Filter enter memberof:1.2.840.113556.1.4.1941:=
  4. Test LDAP Login and you will get ldap_search(): Search: Bad search filter
  5. Already imported user can't login and get "Error The username or password is incorrect."

Expected behavior

No error on LDAP Login and already imported user can login again

Screenshots

No response

Snipe-IT Version

6.0.11

Operating System

Centos

Web Server

Apache

PHP Version

7.4.30

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

No response

Additional context

No response

Speed1 commented 2 years ago

It seems that it has something to do with the spaces in the Group DN Path of the filter. When I change the Filter this way it works as expected: &(memberof:1.2.840.113556.1.4.1941:=<groupDN with spaces>)(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))