Uploaded image for project: 'Kopano Groupware Core'
  1. Kopano Groupware Core
  2. KC-1402

server: Invalid LDAP search filter containing (|)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.7.1
    • Component/s: None
    • Security Level: Public
    • Labels:
      None
    • Environment:
      I use the FreeIPA version 4.6.4 on CentOS 7.
      The issue was introduced with Kopano 8.7.0, it worked with 8.6.9

      Description

      report in the forum https://forum.kopano.io/topic/2135/core-8-7-invalid-ldap-search-filter-containing

      I updated to 8.7 and noticed, that Kopano creates LDAP filter which contains (|) e.g.

      (&(|(&(&(objectClass=kopano-user)(mail=@xxx))(|(objectClass=posixAccount)(objectClass=kopano-contact)))(&(&(objectClass=kopano-user)(mail=@xxx))(objectClass=kopano-contact))(|(&(objectClass=posixGroup)(objectClass=kopano-group))(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist))))(&(|(gecos=\2A)(mail=\2A)(mail=\2A)(mail=\2A)(department=\2A)(gecos=\2A))(&(!(&(|(|)(|))(|(|))))(!(&(|(|)(|))(|(|)))))))

      These are rejected by the 389 directory server inside FreeIPA. According to https://www.ietf.org/rfc/rfc1960.txt (|) is invalid because it does not have at least one filter after |.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              fbartels Felix Bartels
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: