Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EqualsFilter does not support binary strings #634

Open
goto1134 opened this issue Apr 9, 2022 · 0 comments
Open

EqualsFilter does not support binary strings #634

goto1134 opened this issue Apr 9, 2022 · 0 comments

Comments

@goto1134
Copy link

goto1134 commented Apr 9, 2022
edited
Loading

Suppose the following classes:

@Entry(objectClasses = ["top", "person", "user"], base = "ou=users")
class LdapUser {

    @Id
    lateinit var id: Name

    @Attribute(name = "objectGUID", type = Attribute.Type.BINARY, readonly = true)
    lateinit var guid: UUID
}


@Repository
class LdapUserRepository(
    private val ldapTemplate: LdapTemplate,
) {
    fun findById(guid: UUID): LdapUser {
        val byteBuffer = ByteBuffer.wrap(ByteArray(16))
        byteBuffer.putLong(guid.mostSignificantBits)
        byteBuffer.putLong(guid.leastSignificantBits)
        val bytes = byteBuffer.array()

        val guidByteString = bytes.joinToString("\\", "\\") { "%02x".format(it) }
        val guidFilter = HardcodedFilter("(objectGUID=$guidByteString)")

        return ldapTemplate.find(
            query().where("objectGUID").`is`(guidByteString),
            LdapUser::class.java
        ).firstOrNull() ?: error("Could not find user")
    }

When you search the user with guid 90d1c68e-01be-4485-aafd-b3ffb9ddb026. The following log will be generated but nothing would be found:

DEBUG LdapTemplate.java[find]:1843 - Searching - base=ou=users, finalFilter=(&(&(objectclass=top)(objectclass=person)(objectclass=user))(objectGUID=\90\d1\c6\8e\01\be\44\85\aa\fd\b3\ff\b9\dd\b0\26)), scope=javax.naming.directory.SearchControls@54e07139

The query is correct, but it will not be executed. The following query will be executed instead:

base=ou=users, finalFilter=(&(&(objectclass=top)(objectclass=person)(objectclass=user))(objectGUID=\5c90\5cd1\5cc6\5c8e\5c01\5cbe\5c44\5c85\5caa\5cfd\5cb3\5cff\5cb9\5cdd\5cb0\5c26))

This happens because org.springframework.ldap.filter.EqualsFilter will be encoded and the backslashes will be escaped. This encoding is incorrect for the binary strings.

Please,

  1. provide a way to pass a value to the query builder without the encoding
  2. provide a way to pass binary values to the query builder
  3. fix the log at LdapTemplate.java[find]:1843 to show the propper encoded finalFilter

P.S. There is a workaround to fix the encoding issue but it finalizes the query builder

@Repository
class LdapUserRepository(
    private val ldapTemplate: LdapTemplate,
) {
    fun findById(guid: UUID): LdapUser {
        val byteBuffer = ByteBuffer.wrap(ByteArray(16))
        byteBuffer.putLong(guid.mostSignificantBits)
        byteBuffer.putLong(guid.leastSignificantBits)
        val bytes = byteBuffer.array()

        val guidByteString = bytes.joinToString("\\", "\\") { "%02x".format(it) }
        val guidFilter = HardcodedFilter("(objectGUID=$guidByteString)")

        return ldapTemplate.find(
            query().filter(guidFilter),
            LdapUser::class.java
        ).firstOrNull() ?: error("Could not find user")
    }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@goto1134