JDK-7041125 : LDAP API does not catch malformed filters that contain two operands for the ! operator
  • Type: Bug
  • Component: core-libs
  • Sub-Component: javax.naming
  • Affected Version: 6u24
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2011-05-02
  • Updated: 2013-09-12
  • Resolved: 2012-06-13
Fixed versions:
  • JDK 6: 6u26-rev b25 (Fixed)
  • JDK 7: 7u2 (Fixed)
  • JDK 8: 8 (Fixed)
Description
The following filter validates OK with 6u24, but an OpenLDAP library throws an error.

The filter in question is:
   (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))

The issue is due to the misplacement of a parenthesis: the second "!" is given two operands.

The filter should be rewritten as:
  
(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))
 
The OpenLDAP library Openldap-2_4_19 throws the following error message:

13:33:20.526 |LDAP Search complete. Code: -7|*^*^*
13:33:20.526 |Failed to find user in directory: LDAP code: -7|*^*^*
13:33:20.526 |LDAP failure getting user entry: Bad search filter|*^*^

Comments
WORK AROUND Check the syntax before using JNDI.
2011-05-04

EVALUATION In RFC 2254/4515, NOT (!) is defined as:
   not = "!" filter
but not:
   not = "!" filterlist
We need to check the syntax strictly.
2011-05-04
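
The workaround and evaluation above, as an added example (not code from the JDK or from the bug report): a strict pre-check that parses a filter against the RFC 4515 structure before it is handed to JNDI, so that a "!" with two operands is rejected. The class name LdapFilterCheck and its methods are hypothetical, and the item rule is simplified to opaque text that contains "=" and no unescaped parentheses; whitespace between components is not tolerated.

```java
// Added example: structural RFC 4515 check. Class and method names are hypothetical.
public final class LdapFilterCheck {
    private final String s;
    private int pos;
    private LdapFilterCheck(String s) { this.s = s; }

    /** True only if the whole string is exactly one well-formed filter. */
    public static boolean isWellFormed(String filter) {
        if (filter == null) return false;
        LdapFilterCheck p = new LdapFilterCheck(filter);
        return p.filter() && p.pos == filter.length();
    }
    // filter = "(" filtercomp ")"
    private boolean filter() {
        if (!eat('(')) return false;
        boolean ok;
        if (eat('&') || eat('|')) ok = filterList();   // and / or = 1*filter
        else if (eat('!'))        ok = filter();       // not = "!" filter (one operand only)
        else                      ok = item();
        return ok && eat(')');  // a second operand after "!" leaves '(' here and fails
    }
    // filterlist = 1*filter
    private boolean filterList() {
        if (!filter()) return false;
        while (peek() == '(') if (!filter()) return false;
        return true;
    }
    // item: simplified to "text containing '=' with no raw parentheses"
    private boolean item() {
        int start = pos;
        while (pos < s.length() && s.charAt(pos) != '(' && s.charAt(pos) != ')') pos++;
        return s.substring(start, pos).indexOf('=') > 0;
    }
    private char peek() { return pos < s.length() ? s.charAt(pos) : '\0'; }
    private boolean eat(char c) { if (peek() != c) return false; pos++; return true; }

    public static void main(String[] args) {
        // The two filters from the report above.
        String bad = "(&(objectclass=user)(!(objectclass=Computer))"
                   + "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)(telephonenumber=+*)))";
        String good = "(&(objectclass=user)(!(objectclass=Computer))"
                    + "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(telephonenumber=+*))";
        if (isWellFormed(bad) || !isWellFormed(good)) throw new AssertionError("unexpected result");
        System.out.println("malformed filter rejected, corrected filter accepted");
    }
}
```

Because the check is purely structural, it does not validate attribute names, matching-rule OIDs or value escaping; those are still left to the directory server.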