Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Escaping search filter?

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Escaping search filter?


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Pete St. Onge" <>
  • To: "" <>
  • Subject: [grouper-users] Escaping search filter?
  • Date: Thu, 24 Oct 2019 10:26:39 -0400
As we transition from an earlier version of Grouper to current (2.4.0, pretty much all of the API patches, we may be behind some of the most recent, > 70).

I should note at this point that we opted to use businessCategory LDAP attribute to hold the fully-qualified group name to facilitate how PSPNG provisions into our OpenLDAP directory.

I'm seeing this error in logs, around a set of names

2019-10-24 10:01:39,350: [DefaultQuartzScheduler_Worker-5] ERROR Provisioner.prepareGroupCache(781) - - Problem fetching information on group 'utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose (searchsp)'
edu.internet2.middleware.grouper.pspng.PspException: Problem checking ldap filter {}: [org.ldaptive.SearchFilter@-1714540057::filter=(&(objectclass=groupOfNames)(businessCategory=utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose (searchsp))), parameters={}]
at edu.internet2.middleware.grouper.pspng.LdapObject.matchesLdapFilter(LdapObject.java:266)


2019-10-24 10:10:52,343: [DefaultQuartzScheduler_Worker-6] ERROR LdapObject.matchesLdapFilter(265) - - Problem checking ldap filter in memory: [org.ldaptive.SearchFilter@-1714540057::filter=(&(objectclass=groupOfNames)(businessCategory=utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose (searchsp))), parameters={}]
LDAPException(resultCode=87 (filter error), errorMessage='Unexpected opening parenthesis found at position 132 of the filter string.')

The grouper-loader.properties line is:

changeLog.consumer.pspng_utorable.groupCreationLdifTemplate = dn: ${utils.bushyDn(group.name.replaceFirst("utorable:",""), "cn","ou")}||cn: ${grouperUtil.extensionFromName(name)}||objectclass: top||objectclass: groupOfNames||description: ${description}||businessCategory: ${group.name}||member: utid=900005337,dc=able,dc=utoronto,dc=ca

and the search line is

changeLog.consumer.pspng_utorable.singleGroupSearchFilter = (&(objectclass=groupOfNames)(businessCategory=${group.name}))

Is there a way that the search filter could have the open and closed paren be escaped? I looked at grouper/GrouperUtil.java but my untrained eyes didn't find that escape function.

Thanks in advance, -- pete


--
Peter St. Onge
Information Security Architect (416)978-5030
Business Continuity and Communications
Information + Technology Services University of Toronto

  • [grouper-users] Escaping search filter?, Pete St. Onge, 10/24/2019

Archive powered by MHonArc 2.6.19.

Top of Page