United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7041125 LDAP API does not catch malformed filters that contain two operands for the ! operator
JDK-7041125 : LDAP API does not catch malformed filters that contain two operands for the ! operator

Details
Type:
Bug
Submit Date:
2011-05-02
Status:
Closed
Updated Date:
2013-04-20
Project Name:
JDK
Resolved Date:
2012-06-13
Component:
core-libs
OS:
generic
Sub-Component:
javax.naming
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
6u24
Fixed Versions:
6u26-rev (b25)

Related Reports
Backport:
Backport:
Backport:
Backport:
Backport:

Sub Tasks

Description
The following filter validates OK with 6u24 but an OpenLDAP library throws error.

The filter in question is:
   (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))

The issue is due to the misplacement of a parenthesis the second"!" is given two operands.

The filter should be rewriiten as:
  
(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))
 
The open LDAP library Openldap-2_4_19 throws the following error message:

13:33:20.526 |LDAP Search complete. Code: -7|*^*^*
13:33:20.526 |Failed to find user in directory: LDAP code: -7|*^*^*
13:33:20.526 |LDAP failure getting user entry: Bad search filter|*^*^

                                    

Comments
WORK AROUND

Check the syntax before using JNDI.
                                     
2011-05-04
EVALUATION

In RFC 2254/4515, NOT(!) is defined as:
   not        = "!" filter
but not
   not        = "!" filterlist

We need to check the syntax strictly.
                                     
2011-05-04



Hardware and Software, Engineered to Work Together