Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
Openfire
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Administrator
Openfire
Commits
e6a39eac
Commit
e6a39eac
authored
Nov 24, 2016
by
Anno van Vliet
Committed by
akrherz
Nov 24, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Enable use of wildcard when searching users in LDAP
parent
806fae9e
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
41 additions
and
4 deletions
+41
-4
LdapManager.java
src/java/org/jivesoftware/openfire/ldap/LdapManager.java
+16
-1
LdapUserProvider.java
...java/org/jivesoftware/openfire/ldap/LdapUserProvider.java
+10
-3
LDAPTest.java
src/test/java/org/jivesoftware/util/LDAPTest.java
+15
-0
No files found.
src/java/org/jivesoftware/openfire/ldap/LdapManager.java
View file @
e6a39eac
...
@@ -2234,6 +2234,21 @@ public class LdapManager {
...
@@ -2234,6 +2234,21 @@ public class LdapManager {
* search filter string.
* search filter string.
*/
*/
public
static
String
sanitizeSearchFilter
(
final
String
value
)
{
public
static
String
sanitizeSearchFilter
(
final
String
value
)
{
return
sanitizeSearchFilter
(
value
,
false
);
}
/**
* Escapes any special chars (RFC 4515) from a string representing
* a search filter assertion value, with the exception of the '*' wildcard sign
*
* @param value The input string.
*
* @return A assertion value string ready for insertion into a
* search filter string.
*/
public
static
String
sanitizeSearchFilter
(
final
String
value
,
boolean
acceptWildcard
)
{
StringBuilder
result
=
new
StringBuilder
();
StringBuilder
result
=
new
StringBuilder
();
...
@@ -2246,7 +2261,7 @@ public class LdapManager {
...
@@ -2246,7 +2261,7 @@ public class LdapManager {
case
'&'
:
result
.
append
(
"\\26"
);
break
;
case
'&'
:
result
.
append
(
"\\26"
);
break
;
case
'('
:
result
.
append
(
"\\28"
);
break
;
case
'('
:
result
.
append
(
"\\28"
);
break
;
case
')'
:
result
.
append
(
"\\29"
);
break
;
case
')'
:
result
.
append
(
"\\29"
);
break
;
case
'*'
:
result
.
append
(
"\\2a"
);
break
;
case
'*'
:
result
.
append
(
acceptWildcard
?
"*"
:
"\\2a"
);
break
;
case
':'
:
result
.
append
(
"\\3a"
);
break
;
case
':'
:
result
.
append
(
"\\3a"
);
break
;
case
'\\'
:
result
.
append
(
"\\5c"
);
break
;
case
'\\'
:
result
.
append
(
"\\5c"
);
break
;
case
'|'
:
result
.
append
(
"\\7c"
);
break
;
case
'|'
:
result
.
append
(
"\\7c"
);
break
;
...
...
src/java/org/jivesoftware/openfire/ldap/LdapUserProvider.java
View file @
e6a39eac
...
@@ -301,6 +301,15 @@ public class LdapUserProvider implements UserProvider {
...
@@ -301,6 +301,15 @@ public class LdapUserProvider implements UserProvider {
if
(
fields
.
isEmpty
()
||
query
==
null
||
""
.
equals
(
query
))
{
if
(
fields
.
isEmpty
()
||
query
==
null
||
""
.
equals
(
query
))
{
return
Collections
.
emptyList
();
return
Collections
.
emptyList
();
}
}
query
=
LdapManager
.
sanitizeSearchFilter
(
query
,
true
);
// Make the query be a wildcard search by default. So, if the user searches for
// "John", make the search be "John*" instead.
if
(!
query
.
endsWith
(
"*"
))
{
query
=
query
+
"*"
;
}
if
(!
searchFields
.
keySet
().
containsAll
(
fields
))
{
if
(!
searchFields
.
keySet
().
containsAll
(
fields
))
{
throw
new
IllegalArgumentException
(
"Search fields "
+
fields
+
" are not valid."
);
throw
new
IllegalArgumentException
(
"Search fields "
+
fields
+
" are not valid."
);
}
}
...
@@ -315,10 +324,8 @@ public class LdapUserProvider implements UserProvider {
...
@@ -315,10 +324,8 @@ public class LdapUserProvider implements UserProvider {
}
}
for
(
String
field:
fields
)
{
for
(
String
field:
fields
)
{
String
attribute
=
searchFields
.
get
(
field
);
String
attribute
=
searchFields
.
get
(
field
);
// Make the query be a wildcard search by default. So, if the user searches for
// "John", make the sanitized search be "John*" instead.
filter
.
append
(
'('
).
append
(
attribute
).
append
(
'='
)
filter
.
append
(
'('
).
append
(
attribute
).
append
(
'='
)
.
append
(
LdapManager
.
sanitizeSearchFilter
(
query
)).
append
(
"*
)"
);
.
append
(
query
).
append
(
"
)"
);
}
}
if
(
fields
.
size
()
>
1
)
{
if
(
fields
.
size
()
>
1
)
{
filter
.
append
(
')'
);
filter
.
append
(
')'
);
...
...
src/test/java/org/jivesoftware/util/LDAPTest.java
View file @
e6a39eac
...
@@ -74,6 +74,21 @@ public class LDAPTest {
...
@@ -74,6 +74,21 @@ public class LDAPTest {
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
);
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
);
assertTrue
(
"Conversion result "
+
before
+
" to "
+
converted
,
converted
.
equals
(
after
));
assertTrue
(
"Conversion result "
+
before
+
" to "
+
converted
,
converted
.
equals
(
after
));
before
=
"Wildcard *"
;
after
=
"Wildcard *"
;
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
,
true
);
assertTrue
(
"Conversion result "
+
before
+
" to "
+
converted
,
converted
.
equals
(
after
));
before
=
"Wild*card *"
;
after
=
"Wild\\2acard \\2a"
;
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
,
false
);
assertTrue
(
"Conversion result "
+
before
+
" to "
+
converted
,
converted
.
equals
(
after
));
before
=
"Wild*card *"
;
after
=
"Wild*card *"
;
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
,
true
);
assertTrue
(
"Conversion result "
+
before
+
" to "
+
converted
,
converted
.
equals
(
after
));
before
=
"~ Group|Section & Teams!"
;
before
=
"~ Group|Section & Teams!"
;
after
=
"\\7e Group\\7cSection \\26 Teams\\21"
;
after
=
"\\7e Group\\7cSection \\26 Teams\\21"
;
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
);
converted
=
LdapManager
.
sanitizeSearchFilter
(
before
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment