Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-987

special character used in membership search filter should be escaped (rfc2254)

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 9.5.3, 9.5.4_RC1
    • 9.5.5, 10.0.0-EA
    • idrepo
    • Rank:
      1|hznasn:

      Description

      Active Directory entries often has backslash to escape comma(',') or space(' ') in user DN. IdRepo layer would fail to issue search request if search filter contains any special characters defined in RFC2254.

      http://www.ietf.org/rfc/rfc2254.txt
      http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx

      1. setup openAM to use Active Directory to use datasource
      2. create user with common name "testfirst00 testlast00" and UID "testuser00" in Active Directory
      3. create a group called "testgroup00" and assign a user created in step 2 to this group
      4. login to openAM admin console
      5. click [Access Control] -> select realm -> [Subject] -> click "testuser00"
      5-repro). you will see this user doesn't belong to any group although it should

      we should escape special search filter chars.

        Attachments

          Activity

            People

            sachiko Sachiko Wallace
            sachiko Sachiko Wallace
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: