Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12412

LDAP Group Sync fails query if member contains parenthesis because of lack of escaping

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 5.4.7
    • Fix Version/s: None
    • Component/s: {Unused} LDAP
    • Labels:
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      When the LDAP syncs groups, the LDAP groups are loaded in cache including subgroups. As part of this process every member entry is being tried to be loaded. If such an entry contains parenthesis it will fail while it should not.

      The issue is in the function

      /**
           * Execute LDAP query to get all group's members.
           * 
           * @param groupDN the group to retrieve the members of and scan for subgroups.
           * @return the LDAP search result.
           * @throws LDAPException failed to execute LDAP query
           */
          private LDAPSearchResults searchGroupsMembersByDN(String groupDN) throws LDAPException
          {
              String[] attrs = new String[2 + getGroupMemberFields().size()];
      
              int i = 0;
              attrs[i++] = LDAP_OBJECTCLASS;
              for (String groupMember : getGroupMemberFields()) {
                  attrs[i++] = groupMember;
              }
      
              // in case it's a organization unit get the users ids
              attrs[i++] = getUidAttributeName();
      
              return getConnection().search(groupDN, null, attrs, LDAPConnection.SCOPE_SUB);
          }
      

      Where groupDN is not escaped.

        Attachments

          Activity

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              ludovic Ludovic Dubost
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: