Details
- Bug
- Resolution: Cannot Reproduce
- Major
- None
- 5.4.7
- Unknown
Description
When LDAP syncs groups, the LDAP groups are loaded into the cache, including subgroups. As part of this process, an attempt is made to load every member entry. If such an entry contains parentheses, loading fails when it should not.
The issue is in the function:

```java
/**
 * Execute LDAP query to get all group's members.
 *
 * @param groupDN the group to retrieve the members of and scan for subgroups.
 * @return the LDAP search result.
 * @throws LDAPException failed to execute LDAP query
 */
private LDAPSearchResults searchGroupsMembersByDN(String groupDN) throws LDAPException
{
    String[] attrs = new String[2 + getGroupMemberFields().size()];

    int i = 0;
    attrs[i++] = LDAP_OBJECTCLASS;
    for (String groupMember : getGroupMemberFields()) {
        attrs[i++] = groupMember;
    }

    // in case it's a organization unit get the users ids
    attrs[i++] = getUidAttributeName();

    return getConnection().search(groupDN, null, attrs, LDAPConnection.SCOPE_SUB);
}
```
Where groupDN is not escaped.