- Bug
- Resolution: Fixed
- Medium
- 2.0.7
- None
Forward slashes, "/", cause a variety of failures when included in DNs and User and Group Names.
Specific cases are:
- Adding a User or adding a Group fails when the user or group contains a "/". The failure occurs before the actual create when the system is checking to see if the user already exists. If the user or group already exists in LDAP with a name containing a slash then all other operations, e.g. authenticate & search, seem to work OK.
- When a search is performed against a DN that contains a "/" it fails with an error such as:
  javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=kelpie/berrima,dc=example,dc=com'
  This can be worked around by manually escaping the slash in the DN attribute, e.g. ou=kelpie\2Fberrima,dc=example,dc=com
All these tests were run against OpenLDAP.
- blocks
  JRASERVER-13470 LDAP authentication fail when slash "/" exist in DN (Closed)
- is superseded by
  CWD-2898 Use LdapName consistently when manipulating DNs (Closed)
This happens in a call to searchGroupRelationships running against Active Directory. The DN comes from Spring LDAP in the first place and then causes the error when it's passed back in as a query. JDK bug 4307193 suggests a mismatch between LDAP and JNDI escaping.
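
The mismatch described in this issue can be reproduced without a directory server. The following is an added example, not code from the issue or from the product: JNDI parses a String name as a composite name whose component separator is "/", while javax.naming.ldap.LdapName parses the same text as a single LDAP DN. The class name SlashInDn and the group name "ops/admins, east" are constructed for illustration.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SlashInDn {
    // DN taken from the error message in the report.
    static final String DN = "ou=kelpie/berrima,dc=example,dc=com";

    // Build a child DN from untrusted input. Rdn applies LDAP DN escaping to the
    // value, and the result is an LdapName rather than a CompositeName, so JNDI
    // does not treat "/" as a component separator when it is passed as a Name.
    static Name childOf(String base, String attr, String value) throws InvalidNameException {
        LdapName dn = new LdapName(base);
        dn.add(new Rdn(attr, value)); // appended as the leftmost (most specific) RDN
        return dn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // String form: this is how a String argument to a Context method is parsed.
        CompositeName split = new CompositeName(DN);
        System.out.println("composite components: " + split.size());
        for (int i = 0; i < split.size(); i++) {
            System.out.println("  [" + i + "] " + split.get(i));
        }

        // LdapName form: the slash stays inside the value of the leftmost RDN.
        LdapName ldap = new LdapName(DN);
        Rdn leftmost = ldap.getRdn(ldap.size() - 1); // index 0 is the rightmost RDN
        System.out.println("RDN count: " + ldap.size());
        System.out.println("leftmost RDN value: " + leftmost.getValue());

        // The \2F workaround from the report, parsed as an LDAP DN and compared.
        LdapName escaped = new LdapName("ou=kelpie\\2Fberrima,dc=example,dc=com");
        System.out.println("workaround equals original: " + escaped.equals(ldap));

        // Constructed sample: a group name containing both "/" and ",".
        Name group = childOf(DN, "cn", "ops/admins, east");
        System.out.println("child DN: " + group);
    }
}
```

Passing the resulting Name object, rather than its String form, to DirContext methods keeps the DN from being re-parsed as a composite name.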