colons are ':' valid filter characters #73

@sahglie

ruby-net-ldap is choking on queries that work with our university LDAP using the ldapsearch utility. Here is an example of such a query:

ldapsearch -H ldaps://ldap.berkeley.edu -x -D "<bind>" -W -s sub -b "ou=people,dc=berkeley,dc=edu" "(&(objectclass=person)(ismemberof=cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu))" "uid"

In this case, ruby-net-ldap would raise Net::LDAP::LdapError: Invalid filter syntax

I've also run this query using the python ldap library and, like ldapsearch, it works fine.

While debugging this I isolated the problem down to the parse_filter_branch method: the scanner doesn't include ':' in its regex when--I believe--it should. After updating the regex everything worked as expected for me. Please let me know if you have any questions.

@slbug

Also, '/' is valid too:

2.1.1 :010 > Net::LDAP::Filter.construct("(|(loginShell=/bin/bash)(loginShell=/bin/zsh))")
Net::LDAP::LdapError: Invalid filter syntax.
2.1.1 :002 > (Net::LDAP::Filter.eq('loginShell', '/bin/bash') | Net::LDAP::Filter.eq('loginShell', '/bin/zsh')).to_s
 => "(|(loginShell=/bin/bash)(loginShell=/bin/zsh))" 
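The two reports above can be reproduced without the gem. This is an added example, not code from the pull request or from net-ldap: it copies the value patterns from both sides of the filter.rb change and reports the first character each allow-list refuses. The helper names and the sample list are assumptions made for illustration.

```ruby
require 'strscan'

# Value patterns copied from the removed (-) and added (+) lines of the
# lib/net/ldap/filter.rb change in this pull request.
OLD_VALUE = /(?:[-\w*.+@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u
NEW_VALUE = /(?:[-\w*.+:@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u

# Hypothetical helper (not part of net-ldap): scan a filter value the way
# parse_filter_branch does and return the first character the allow-list
# refuses, or nil when the whole value is consumed.
def first_rejected_char(pattern, value)
  scanner = StringScanner.new(value)
  scanner.scan(pattern)
  scanner.eos? ? nil : scanner.getch
end

# Constructed sample values; the first two are taken from the thread.
SAMPLES = [
  'cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu',
  '/bin/bash',
  'george*',
  'a\\28b', # backslash-hex escape standing in for "("
  'a(b'     # a raw "(" must stay outside the allow-list
].freeze

# Map each sample to the character that stops the old and the new pattern.
def allow_list_report
  SAMPLES.to_h do |value|
    [value, { old: first_rejected_char(OLD_VALUE, value),
              new: first_rejected_char(NEW_VALUE, value) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  allow_list_report.each do |value, hit|
    puts format('%-75s old=%-5s new=%s', value, hit[:old].inspect, hit[:new].inspect)
  end
end
```

With the patched pattern the group DN is consumed whole, while '/bin/bash' still stops at its first character, which matches the irb session above.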
@schaary schaary merged commit bbf351b into ruby-ldap:master
Commits on Sep 5, 2013
  1. @sahglie
Showing with 7 additions and 1 deletion.
  1. +1 −1  lib/net/ldap/filter.rb
  2. +6 −0 spec/unit/ldap/filter_parser_spec.rb
2  lib/net/ldap/filter.rb
@@ -755,7 +755,7 @@ def parse_filter_branch(scanner)
scanner.scan(/\s*/)
if op = scanner.scan(/<=|>=|!=|:=|=/)
scanner.scan(/\s*/)
- if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u)
+ if value = scanner.scan(/(?:[-\w*.+:@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u)
# 20100313 AZ: Assumes that "(uid=george*)" is the same as
# "(uid=george* )". The standard doesn't specify, but I can find
# no examples that suggest otherwise.
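Review bot: The character class on the `+` line gains only `:`; `/` is still absent, so the `(loginShell=/bin/bash)` filter reported in this thread will keep raising "Invalid filter syntax" after the merge. Consider adding `\/` in the same change. More generally, this class is an allow-list that is being widened one character per bug report; a short comment above the `scanner.scan` call stating which characters are excluded on purpose (the unescaped parentheses and backslash that delimit and escape filter values) would make it easier to review later additions without weakening that boundary.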
6 spec/unit/ldap/filter_parser_spec.rb
@@ -16,5 +16,11 @@
expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
end
end
+ context "Given string including colons ':'" do
+ let(:filter_string) { "(ismemberof=cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu)" }
+ specify "should generate filter object" do
+ expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
+ end
+ end
end
end
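Review bot: The new spec in the "Given string including colons ':'" context only asserts `be_a Net::LDAP::Filter`, which checks that parsing does not raise but not that the colon-bearing value survives intact. Consider also asserting on the parsed result, for example by comparing the filter's `to_s` output with `filter_string`, so a later change to the value pattern that drops or truncates part of the DN is caught. A companion context for a value containing `/` would document the second case raised in the thread.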