grouper-users - Re: [grouper-users] Escaping search filter?
Subject: Grouper Users - Open Discussion List
List archive
- From: Jeffrey Williams <>
- To: "Pete St. Onge" <>
- Cc: "" <>
- Subject: Re: [grouper-users] Escaping search filter?
- Date: Thu, 14 Nov 2019 13:03:00 -0500
Hi Pete,
There is an escapeLdapFilter(String FilterString) in:
So perhaps you can use ${utils.escapeLdapFilter(group.name)} in your groupCreationLdifTemplate and singleGroupSearchFilter lines and see if that works for you?
-Jeff
On Thu, Oct 24, 2019 at 10:27 AM Pete St. Onge <> wrote:
As we transition from an earlier version of Grouper to current (2.4.0,
pretty much all of the API patches, we may be behind some of the most
recent, > 70).
I should note at this point that we opted to use businessCategory LDAP
attribute to hold the fully-qualified group name to facilitate how PSPNG
provisions into our OpenLDAP directory.
I'm seeing this error in logs, around a set of names
2019-10-24 10:01:39,350: [DefaultQuartzScheduler_Worker-5] ERROR
Provisioner.prepareGroupCache(781) - - Problem fetching information on
group
'utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose
(searchsp)'
edu.internet2.middleware.grouper.pspng.PspException: Problem checking
ldap filter {}:
[org.ldaptive.SearchFilter@-1714540057::filter=(&(objectclass=groupOfNames)(businessCategory=utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose
(searchsp))), parameters={}]
at
edu.internet2.middleware.grouper.pspng.LdapObject.matchesLdapFilter(LdapObject.java:266)
2019-10-24 10:10:52,343: [DefaultQuartzScheduler_Worker-6] ERROR
LdapObject.matchesLdapFilter(265) - - Problem checking ldap filter in
memory:
[org.ldaptive.SearchFilter@-1714540057::filter=(&(objectclass=groupOfNames)(businessCategory=utorable:apps:Office365:shared-mailboxes:spanport.search-utoronto.ca-FullWithCompose
(searchsp))), parameters={}]
LDAPException(resultCode=87 (filter error), errorMessage='Unexpected
opening parenthesis found at position 132 of the filter string.')
The grouper-loader.properties line is:
changeLog.consumer.pspng_utorable.groupCreationLdifTemplate = dn:
${utils.bushyDn(group.name.replaceFirst("utorable:",""),
"cn","ou")}||cn: ${grouperUtil.extensionFromName(name)}||objectclass:
top||objectclass: groupOfNames||description:
${description}||businessCategory: ${group.name}||member:
utid=900005337,dc=able,dc=utoronto,dc=ca
and the search line is
changeLog.consumer.pspng_utorable.singleGroupSearchFilter =
(&(objectclass=groupOfNames)(businessCategory=${group.name}))
Is there a way that the search filter could have the open and closed
paren be escaped? I looked at grouper/GrouperUtil.java but my untrained
eyes didn't find that escape function.
Thanks in advance, -- pete
--
Peter St. Onge
Information Security Architect (416)978-5030
Business Continuity and Communications
Information + Technology Services University of Toronto
- Re: [grouper-users] Escaping search filter?, Jeffrey Williams, 11/14/2019
Archive powered by MHonArc 2.6.19.