Closed Coimbra1984 closed 2 weeks ago
Not sure..
When you say "not works", does it throw an error, or just return 0 results? Can you confirm the exact same search works with a cli tool, say ldapsearch.
I assume this is Windows Active Directory?
I think the sdk is not properly escaping the string. I'll take a look at it.
This discussion is relevant: https://github.com/pingidentity/ldapsdk/issues/10
> Not sure.. When you say "not works", does it throw an error, or just return 0 results? Can you confirm the exact same search works with a cli tool, say ldapsearch.
"not works" means I don't get any results.
With ldapsearch it works when escaping the comma with \5c, (escape a backslash with \5c and leave the comma as is). The entry looks like:

```
# admin, leakageRoles, pieye.org
dn: cn=admin,ou=leakageRoles,dc=pieye,dc=org
cn: admin
objectClass: organizationalRole
objectClass: top
roleOccupant: cn=Markus Proeller,ou=people,dc=pieye,dc=org
roleOccupant: cn=Test\2C TestUser,ou=people,dc=pieye,dc=org
```

With the following ldapsearch filter I get the entry: (roleOccupant=cn=Test\5c, TestUser,ou=people,dc=pieye,dc=org)
> I assume this is Windows Active Directory?
The example above is with an OpenLDAP server (https://hub.docker.com/r/bitnami/openldap). We have a customer who has Active Directory who is facing the same problem.
Please also note that when I use the query function, I get a filter error:

```dart
var searchResult = await connection.query(setting.personDN, r"(roleOccupant=cn=Test\5c, TestUser,ou=people,dc=pieye,dc=org)", attrs);
```

```
flutter: error Cant parse filter '(roleOccupant=cn=Test\5c, TestUser,ou=people,dc=pieye,dc=org)'. Error is ")" expected
```

OK - I think I'm getting a handle on the issue. It's not going to be a quick fix, as some things need to be refactored.
Per that Java example, escaping in DNs is not the same as escaping in search strings. The best solution is to properly implement DN and RDN code, as right now they are basically treated as plain old Dart strings.
There's some ancient (but the logic's OK) filter parsing code at https://github.com/ForgeRock/opendj-community-edition/blob/master/src/server/org/opends/server/types/SearchFilter.java
I pushed 0.7.3-dev.1 to pub. This is a band-aid to get you a bit further. Query still does not work, but this does:

```dart
test('search for role with escaped comma using equals', () async {
  final userDN = r'cn=fred\2c smith,ou=users,dc=example,dc=com';
  final dn = 'cn=adminRole,dc=example,dc=com';
  final filter = Filter.equals("roleOccupant", userDN);
  var r = await ldap.search(dn, filter, []);
  await for (final e in r.stream) {
    print(e);
  }
});
```

Note this is done by NOT escaping the backslash. So if you have legit backslashes in the directory, this will cause problems.
The proper fix is more involved - so I'll keep this open for now.
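
The two escaping layers discussed above (RFC 4514 for a value inside a DN, then RFC 4515 for the whole DN used as a filter assertion value), as an added example that is not dartdap code and not part of the original thread. The function names are hypothetical and the sample names are constructed, the first modelled on the entry shown earlier.

```dart
// Added example; function names are hypothetical, not dartdap API.

/// Escape one attribute value for use inside a DN (RFC 4514, section 2.4).
String escapeDnValue(String value) {
  final out = StringBuffer();
  for (var i = 0; i < value.length; i++) {
    final c = value[i];
    final atEdge = i == 0 || i == value.length - 1;
    if (c == '\u0000') {
      out.write(r'\00');
    } else if (r'\"+,;<>'.contains(c) ||
        (i == 0 && c == '#') ||
        (atEdge && c == ' ')) {
      out.write('\\$c'); // backslash-escape DN special characters
    } else {
      out.write(c);
    }
  }
  return out.toString();
}

/// Escape an assertion value for a search filter (RFC 4515, section 3).
String escapeFilterValue(String value) {
  const escapes = {
    '\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\u0000': r'\00',
  };
  return value.split('').map((c) => escapes[c] ?? c).join();
}

/// Decode \HH escapes the way a server reads the assertion value.
String unescapeFilterValue(String value) => value.replaceAllMapped(
    RegExp(r'\\([0-9a-fA-F]{2})'),
    (m) => String.fromCharCode(int.parse(m[1]!, radix: 16)));

void main() {
  // Constructed sample values: one modelled on the entry in this thread,
  // one with a literal backslash and parentheses in the name.
  for (final name in ['Test, TestUser', r'Ops\Admin (test)']) {
    final dn = 'cn=${escapeDnValue(name)},ou=people,dc=pieye,dc=org';
    final assertion = escapeFilterValue(dn); // layer 2 wraps layer 1
    print('DN:     $dn');
    print('Filter: (roleOccupant=$assertion)');
    print('Round trip intact: ${unescapeFilterValue(assertion) == dn}');
  }
}
```

For the first name, the printed filter is the same string the reporter found to work with ldapsearch; the second shows that a literal backslash in a name survives both layers instead of being read as the start of an escape.
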
> There's some ancient (but the logic's OK) filter parsing code at https://github.com/ForgeRock/opendj-community-edition/blob/master/src/server/org/opends/server/types/SearchFilter.java
4300 lines of code to parse a string. Man I love ldap 🤦
@Coimbra1984 I think I fixed filters with a backslash with 0.7.3. You should be able to do
(roleOccupant=cn=Test\5c, TestUser,ou=people,dc=pieye,dc=org)
can you try it and LMK.
> @Coimbra1984 I think I fixed filters with a backslash with 0.7.3. You should be able to do
> (roleOccupant=cn=Test\5c, TestUser,ou=people,dc=pieye,dc=org)
> can you try it and LMK.
Hi, I can confirm, that 0.7.3 works!
Hi,
I perform an LDAP search with:
Everything works fine, except if the userDN contains a comma, e.g.:
cn=Markus Proeller,ou=people,dc=pieye,dc=org works
cn=Testuser\, test,ou=people,dc=pieye,dc=org doesn't work.
I have already tried some escaping:
cn=Testuser\, test,ou=people,dc=pieye,dc=org
cn=Testuser\5c, test,ou=people,dc=pieye,dc=org
cn=Testuser\2c test,ou=people,dc=pieye,dc=org
Nothing worked. Do you have any hint?