Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7041125

LDAP API does not catch malformed filters that contain two operands for the ! operator

    Details

    • Subcomponent:
    • Resolved In Build:
      b25
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        The following filter validates OK with 6u24 but an OpenLDAP library throws error.

        The filter in question is:
           (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))

        The issue is due to the misplacement of a parenthesis the second"!" is given two operands.

        The filter should be rewriiten as:
          
        (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))
         
        The open LDAP library Openldap-2_4_19 throws the following error message:

        13:33:20.526 |LDAP Search complete. Code: -7|*^*^*
        13:33:20.526 |Failed to find user in directory: LDAP code: -7|*^*^*
        13:33:20.526 |LDAP failure getting user entry: Bad search filter|*^*^

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  coffeys Sean Coffey
                  Reporter:
                  aperumai Asok Perumainar (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: