Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8543

Special characters are not always escaped correctly in universal identifier DNs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 13.0.0
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: idrepo
    • Labels:
    • Sprint:
      AM Sustaining Sprint 20, AM Sustaining Sprint 21, AM Sustaining Sprint 22
    • Support Ticket IDs:

      Description

      If users or groups include a character that should normally be escaped in a DN, OpenAM does not always encode the values correctly when building universal identifier DN's.

      To reproduce:

      1) Install fresh 13.0.0
      2) Add a user/group with a ',' in the name
      3) Trigger some persistent search results for that entry.
      4) Check container stderr logs for the following exception:

      WARNING: GRIZZLY0013: Exception during FilterChain execution
      org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "id=test,group,ou=group,dc=openam,dc=forgerock,dc=org" could not be parsed as a valid distinguished name because character ',' at position 13 is not allowed in an attribute name
          at org.forgerock.opendj.ldap.AVA.readAttributeName(AVA.java:449)
          at org.forgerock.opendj.ldap.AVA.decode(AVA.java:124)
          at org.forgerock.opendj.ldap.RDN.decode(RDN.java:154)
          at org.forgerock.opendj.ldap.DN.decode(DN.java:286)
          at org.forgerock.opendj.ldap.DN.decode(DN.java:301)
          at org.forgerock.opendj.ldap.DN.valueOf(DN.java:255)
          at org.forgerock.opendj.ldap.DN.valueOf(DN.java:221)
          at org.forgerock.openam.ldap.LDAPUtils.newDN(LDAPUtils.java:588)
          at com.sun.identity.common.DNUtils.normalizeDN(DNUtils.java:47)
          at com.sun.identity.idm.server.IdCachedServicesImpl.dirtyCache(IdCachedServicesImpl.java:255)
          at com.sun.identity.idm.IdRepoListener.objectChanged(IdRepoListener.java:178)
          at org.forgerock.openam.idrepo.ldap.psearch.DJLDAPv3PersistentSearch$PSearchResultEntryHandler.handle(DJLDAPv3PersistentSearch.java:121)
          at com.iplanet.services.ldap.event.LDAPv3PersistentSearch$PersistentSearchResultHandler.handleEntry(LDAPv3PersistentSearch.java:315)
          at org.forgerock.opendj.ldap.LDAPConnectionFactory$ConnectionImpl$3.handleEntry(LDAPConnectionFactory.java:979)
          at org.forgerock.opendj.ldap.spi.SearchResultLdapPromiseImpl.handleEntry(SearchResultLdapPromiseImpl.java:72)
          at org.forgerock.opendj.grizzly.LDAPClientFilter$ClientResponseHandler.searchResultEntry(LDAPClientFilter.java:343)
          at org.forgerock.opendj.io.LDAPReader.readSearchResultEntry(LDAPReader.java:704)
          at org.forgerock.opendj.io.LDAPReader.readProtocolOp(LDAPReader.java:556)
          at org.forgerock.opendj.io.LDAPReader.readMessage(LDAPReader.java:132)
          at org.forgerock.opendj.grizzly.LDAPBaseFilter.handleRead(LDAPBaseFilter.java:82)
          at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
          at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
          at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
          at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
          at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
          at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
          at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
          at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
          at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
          at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
          at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
          at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
          at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
          at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                ian.packer Ian Packer [X] (Inactive)
                QA Assignee:
                Filip Kubáň [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified