Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAP "Free form search" issue in the Subject API Diagnostics

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAP "Free form search" issue in the Subject API Diagnostics


Chronological Thread 
  • From: "Black, Carey M." <>
  • To: "" <>
  • Subject: RE: [grouper-users] LDAP "Free form search" issue in the Subject API Diagnostics
  • Date: Wed, 5 Apr 2017 05:55:43 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 164.107.81.220) smtp.mailfrom=osu.edu; internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=pass action=none header.from=osu.edu;
  • Ironport-phdr: 9a23:0LKzVBL5nXzu8fqVt9mcpTZWNBhigK39O0sv0rFitYgfKfXxwZ3uMQTl6Ol3ixeRBMOAuqwC07Od6vi/EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQtFiT68bL9oMBm6sArdutQKjYZgN6081gbHrnxUdupM2GhmP0iTnxHy5sex+J5s7SFdsO8/+sBDTKv3Yb02QaRXAzo6PW814tbrtQTYQguU+nQcSGQWnQFWDAXD8Rr3Q43+sir+tup6xSmaIcj7Rq06VDi+86tmTgLjhSEaPDA77W7XkNR9gqJFrhy8uxxxzY3aYI+XO/p/YqzScsgXSnBdUstVTSFNHp+wYokJAuEcPehYtY79p14WoBewGASsAPngxSNLhnPuwKY3zf4uERvY0w0gAtkAt27YoNvoP6oVSu+1yLPHwinAb/9MxDvx9obFfwsmofGXQLJ8a9TexlQyFw7ciFibtI/rPyuN2+gTqWeX8/dsWOeyh2I6tg18pzavy8gwhoXVg48VxE7L+Cp4zYswINC1SlJ3bN68HJdNqS2XNJF6Tt4tTmxpoio217ILtYSmcCQXzJkr3xDfZOKEfoSU5x/uUeacLitki3Jrfb+zmRm//Em9xeD5WcS50FRHoyRAn9bQrX8CzAbc586aQfVn5EihwyyA1wXL5+FEP080ka3bJoY5zLMskZQfrVrPEjbrlUvwkqOab0Ik9fO25Oj9ZbXmu4OcOJRzigHjNKQhh9azAfwiMggJQ2iU5/iz1KHi/U3+RrVGlPo2krTFsJDeIsQboa25DxVJ3YYk7hazFzam0NIGknkbNF9JZgiIg5T0N1zLPfz0EOqzjlGikDpk2/zKIrjsApvTIXXMkbrseLNw5kxAxAcz1dxf4ohbCrAFIPL9QE/xs9nYAwciPAyw2enoFNZ92pkDVW6RDKKUK6TSsUSV5u41PeaDeZIVtC7nK/c5//7ukWM5mVgFcKmmx5sXb224Hux4LEWDeHbsn8wBHnkQvgolV+HqjFyCUSVPZ3apQa4w/DA7CIS6DYjdXICthqKO3DulEpFMeG9JF02MQj/UcNDOVO0LdTqfOIp8iTEeTpCgTZMszxejqFW8xrZ6ZKKA9TcfqIruzp1o/ODJjjkz8yB5FcKQzzvLQm1pyDAmXTgziepVpUV2yRPL+qFiju0QMJoZr6dDVg4xNtiFlbdSDMvvHA/NY4HaGx6dXty6DGRpHZoKyNgUbhMlFg==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Liam,

 

I also found have found this page to be very, very helpful.

 

And I did, and expected, the same thing from this page as you did.

                I removed the “silly default values” in the three searches then added a value to one search I wanted to test.

                For me, this results in an LDAP timeout error being logged, and the UI behaves fairly badly under those conditions.

 

So, I would go one step farther with this request.

 

I think that the search should only be done if the user provided an input for that search.

                I suspect there is no valid ( useful, meaningful, diagnostic )  reason for a “empty value” search to be done. ( The UI appears to wait till you have 2 or 3 characters before it will do a search. )

                If I am correct, then I think it should be considered an error for the search to be performed without any input value(s), and that should be guarded against/prevented.

 

--

Carey Matthew

 

From: [mailto:] On Behalf Of Liam Hoekenga
Sent: Thursday, March 30, 2017 4:28 PM
To:
Subject: [grouper-users] LDAP "Free form search" issue in the Subject API Diagnostics

 

The answer from one of my earlier questions pointed me at the "Subject API Diagnostics", which seems like a really useful tool.

 

I think it would be useful to be able to perform any of the searches via the diagnostic tool on it's own.  It's actually the first thing I tried to do.

 

I found if you do provide terms for a single search, it runs all of the defined searches with incomplete search terms.  Mostly harmless.

 

With the provided LDAP searches, you can get sort of useless value match searches, but those return quickly..

 

    (&(exampleEduRegId=)(objectclass=exampleEduPerson))

    (&(uid=)(objectclass=exampleEduPerson))

 

The problem is the freeform search.  If you don't provide a string for the freeform search, you can get a wildcard search like...

 

    (&(|(|(uid=)(cn=*))(exampleEduRegId=))(objectclass=exampleEduPerson))

 

...which returns every exampleEduPerson object in the search base.  Looking at the filter, I get why it's doing it, but it's not what I expected.

 

I know you can provide default search terms in subjects.properties / sources.xml, but I think this tool would be useful for debugging issues with any given subject, using whatever piece of identifying information is handy.

 

Liam

 


  • RE: [grouper-users] LDAP "Free form search" issue in the Subject API Diagnostics, Black, Carey M., 04/05/2017

Archive powered by MHonArc 2.6.19.

Top of Page