Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-795

whitespace not trimmed from LDAP search filters

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.2.0
    • Component/s: Attribute Resolver
    • Labels:
      None
    • Environment:

      IdP version 3.1.2, using configuration files updated from V2.

      Description

      We are updating from IdP V2, where we we have been using the template language to effect a conditional query in an additional LDAP data connector, based on the value (if any) of a dependency attribute:

      {{
      <FilterTemplate>
      <![CDATA[
      #if (${attribute.isEmpty()} || ! ${attribute.get(0)})
      <dummy filter guaranteed to return no results>
      #else
      <"real" LDAP search filter>
      #end
      ]]>
      </FilterTemplate>
      }}

      In version 3, this template does not work unless we remove the newlines preceding the #else and #end directives, e.g.:

      {{
      <FilterTemplate>
      <![CDATA[
      #if (${attribute.isEmpty()} || ! ${attribute.get(0)})
      <dummy filter guaranteed to return no results>#else
      <"real" LDAP search filter>#end
      ]]>
      </FilterTemplate>
      }}

      Debug logging indicates that the search filter has both the leading and trailing whitespace, including the newline, yielded by the template (apparently JNDI trims the spaces, but not the newline), thus breaking the query.

      In version 2, it looks like the filter yielded by the template was trimmed explicitly for all leading and trailing whitespace; see edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:307 (java-shib-common 1.4.3)

        Attachments

          Activity

            People

            Assignee:
            dfisher@vt.edu Daniel W Fisher
            Reporter:
            rbasch@mit.edu Robert A Basch
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour
                1h