You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2014-01-13 14:58:15

allfiled
Member
Registered: 2014-01-13
Posts: 1

LDAP Filter Comparators (<=, >=) Fail Syntax Check

I'm trying to get a valid LDAP config for GLPI and I'm very very close; but I am having trouble with the LDAP filter. (objectClass=*) works as the default case. The LDAP server itself logs this on a username search: filter="(&(uid=*<username>*)(objectClass=*))" attrs="uid modifyTimestamp", but I'm also trying to specify max/min UIDs.

The way I do this with other LDAP applications is like this: (&(uidNumber>=500)(uidNumber<=9999)), but the GLPI log tells me this is not a valid search filter when the attempt to search for a user is attempted.

2014-01-13 12:41
Warning(2): ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter
Backtrace :
/usr/share/glpi/inc/authldap.class.php:1169             ldap_search()
/usr/share/glpi/inc/authldap.class.php:996              AuthLDAP::getAllUsers()
/usr/share/glpi/inc/authldap.class.php:2458             AuthLDAP::showLdapUsers()
/usr/share/glpi/front/ldap.import.php:72                AuthLDAP::searchUser()

Because this is a syntax fail at the application level, I do not see what filter string is constructed as it doesn't get sent to the LDAP server.

I had also tried simply removing the (&) at the start as if you string-replaced the filter into the full search filter you would then achieve a valid filter (&(uid=*<username>*)(uidNumber>=500)(uidNumber<=9999)) rather than the technically correct filter I am expecting: (&(uid=*<username>*)(&(uidNumber>=500)(uidNumber<=9999))), but obviously as this passes a filter syntax checker on the way through this is also rejected.

I have also tried the much more simple filter: (uidNumber>=500) and this also fails, which suggests to me that a >= or <= comparator are being rejected in the syntax check; but this should not be for a valid RFC-compliant filter check.

The version in use is glpi-0.83.9.1-5.el6.noarch as installed from EPEL onto CentOS 6.5 x86_64 using php 5.3.28 on apache 2.2.15-29.

The configuration of GLPI is completely stock. Install GLPI -> Configure one LDAP server -> Test.

The LDAP configuration I'm using is ldaps on port 636, but this should not be relevant. The server is a FreeIPA instance running 389 Directory Server.

Offline

#2 2014-01-15 10:05:01

MoYo
GLPI - Lead
From: Poitiers
Registered: 2004-09-13
Posts: 14,513
Website

Re: LDAP Filter Comparators (<=, >=) Fail Syntax Check


MoYo - Julien Dombre - Association INDEPNET
Contribute to GLPI :    Support     Contribute     References     Freshmeat

Offline

Board footer

Powered by FluxBB