[CWD-506] LDAP fitlering only supports one fitler.

Type: Bug
Resolution: Not a bug
Priority: Medium
Fix Version/s: 1.2.1
Affects Version/s: 1.1.1
Component/s: Directory - LDAP
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

This bug was submitted through http://support.atlassian.com and was confirmed:

When I go to the Principals page to search for a user (i.e. "stephen tang"), I noticed the Crowd log shows something like this:

14:33:21,366 INFO crowd.integration.directory.connector.SpringLDAPConnector: Performing search: baseDN = OU=Studios,dc=company,dc=com - filter = (&(sAMAccountName=john doe)(objectClass=person))

When I try to put something more complicated into the User Object Filter field, like:

(&(&(objectClass=user)(objectClass=organizationalPerson))(!objectClass=computer))), Crowd complains that the parentheses are unbalanced. The log shows:

15:39:08,346 INFO crowd.integration.directory.connector.SpringLDAPConnector: Performing principal search: baseDN = ou=Users, ou=Studios,OU=Studios,dc=company,dc=com - filter = (&(sAMAccountName=john doe)(&(&(objectClass=user)(objectClass=organizationalPerson))(!objectClass=computer)))

Which results in the following error:

Invalid search filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; ...

Form Name

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1510837 ]	New: JAC Bug Workflow v3 [ 3365298 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 07/Jul/2016 6:19 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1391786 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1510837 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 273341 ]

New: Simplified Crowd Development Workflow v2 [ 1391786 ]

jawong.adm made changes - 15/Dec/2010 10:50 PM

Workflow

Original: JIRA Bug Workflow v2 [ 174341 ]

New: Crowd Development Workflow v2 [ 273341 ]

Justin Koke made changes - 12/May/2009 1:31 AM

Workflow

Original: jira [ 86477 ]

New: JIRA Bug Workflow v2 [ 174341 ]

Stephen Tang added a comment - 28/Nov/2007 3:28 PM

Hi David,
I'll pass this along to my team and consult the IT dept. Obviously, we don't enough about LDAP, and probably should have consulted the IT dept. first.

Thank you for verifying the LDAP syntax.

--Stephen

Stephen Tang added a comment - 28/Nov/2007 3:28 PM Hi David, I'll pass this along to my team and consult the IT dept. Obviously, we don't enough about LDAP, and probably should have consulted the IT dept. first. Thank you for verifying the LDAP syntax. --Stephen

David O'Flynn [Atlassian] made changes - 28/Nov/2007 6:16 AM

Resolution		New: Not a bug [ 12 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:16 AM

Incomplete LDAP syntax resulted in error that looked like a bug.

David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:16 AM Incomplete LDAP syntax resulted in error that looked like a bug.

David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:08 AM

Hi Stephen,

The example you provided (see 1, below) is not a valid LDAP query. LDAP is addicted to brackets, so to make the query valid, you need to separate the negation operator and the objectClass=computer with another set of brackets (see 2, below). I've verified that Crowd operates correctly with the syntax from the second example, when run against Microsoft Active Directory 2000.

You can verify this yourself using a product such as Apache Directory Studio to manually enter query syntax.

1: (&(&(objectClass=user)(objectClass=organizationalPerson))(!objectClass=computer)))
2: (&(&(objectClass=user)(objectClass=organizationalPerson))(!(objectClass=computer))))

I hope this resolves your issue and allows you to successfully complete your evaluation of Crowd

dave.

David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:08 AM Hi Stephen, The example you provided (see 1, below) is not a valid LDAP query. LDAP is addicted to brackets, so to make the query valid, you need to separate the negation operator and the objectClass=computer with another set of brackets (see 2, below). I've verified that Crowd operates correctly with the syntax from the second example, when run against Microsoft Active Directory 2000. You can verify this yourself using a product such as Apache Directory Studio to manually enter query syntax. 1: (&(&(objectClass=user)(objectClass=organizationalPerson))(!objectClass=computer))) 2: (&(&(objectClass=user)(objectClass=organizationalPerson))(!(objectClass=computer)))) I hope this resolves your issue and allows you to successfully complete your evaluation of Crowd dave.

David O'Flynn [Atlassian] made changes - 28/Nov/2007 5:59 AM

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Assignee:: David O'Flynn [Atlassian]

Reporter:: Justen Stepka [Atlassian]

Affected customers:: 1 This affects my team

Watchers:: 2 Start watching this issue

Created:: 29/Aug/2007 4:42 AM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 28/Nov/2007 6:16 AM

Details

Description

Attachments

Forms

Activity

Collapse comment: Stephen Tang added a comment - 28/Nov/2007 3:28 PM

Expand comment: Stephen Tang added a comment - 28/Nov/2007 3:28 PM

Collapse comment: David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:16 AM

Expand comment: David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:16 AM

Collapse comment: David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:08 AM

Expand comment: David O'Flynn [Atlassian] added a comment - 28/Nov/2007 6:08 AM

People

Dates