You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2023/01/03 18:20:00 UTC

[jira] [Comment Edited] (CAMEL-18811) camel-ldap - InvalidSearchFilterException: invalid attribute description

    [ https://issues.apache.org/jira/browse/CAMEL-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654129#comment-17654129 ] 

Claus Ibsen edited comment on CAMEL-18811 at 1/3/23 6:19 PM:
-------------------------------------------------------------

3.20.0 is not affected at all - whether or not the CVE is retracted, as it was not released before the CVE was public.

However it may be that this CVE database says 3.19.0 is affected and the 3rd item does not have an upper bound
https://nvd.nist.gov/vuln/detail/CVE-2022-45046#match-8689567


was (Author: davsclaus):
3.20.0 is not affected at all - whether or not the CVE is retracted

> camel-ldap - InvalidSearchFilterException: invalid attribute description
> ------------------------------------------------------------------------
>
>                 Key: CAMEL-18811
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18811
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-ldap
>    Affects Versions: 3.14.7, 3.18.4
>         Environment: linux, jdk11, camel-main, camel-ldap, ActiveDirectory
>            Reporter: Christian Schubert-Huff
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 3.14.8, 3.18.5, 3.20.0
>
>
> We updated to camel 3.18.4 and this broke camel-ldap, running against ActiveDirectory.
> Filter string is "(CN=USERID)". In 3.18.4, this gets escaped to "\28CN=USERID\29" (changed by CAMEL-18696), which does not return a result, but instead throws this exception:
> {code:java}
> javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'OU=Std,OU=User,OU=ORG,DC=ad,DC=example,DC=com'
>         at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapClient.search(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at java.naming/javax.naming.directory.InitialDirContext.search(Unknown Source)
>         at org.apache.camel.component.ldap.LdapProducer.simpleSearch(LdapProducer.java:129)
>         at org.apache.camel.component.ldap.LdapProducer.process(LdapProducer.java:83)
> {code}
> The same filter string used to work fine in 3.18.1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)