Posted to issues@camel.apache.org by "Christian Schubert-Huff (Jira)" <ji...@apache.org> on 2023/01/03 15:54:00 UTC

[jira] [Commented] (CAMEL-18811) camel-ldap - InvalidSearchFilterException: invalid attribute description

    [ https://issues.apache.org/jira/browse/CAMEL-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654077#comment-17654077 ] 

Christian Schubert-Huff commented on CAMEL-18811:
-------------------------------------------------

On a side note, the CVE retraction process seems somewhat slow and unreliable to me. We migrated to 3.20.0, and yet, that version of camel-ldap was again flagged as vulnerable to the CVE, with a criticality that - once again - broke our build.

> camel-ldap - InvalidSearchFilterException: invalid attribute description
> ------------------------------------------------------------------------
>
>                 Key: CAMEL-18811
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18811
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-ldap
>    Affects Versions: 3.14.7, 3.18.4
>         Environment: linux, jdk11, camel-main, camel-ldap, ActiveDirectory
>            Reporter: Christian Schubert-Huff
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 3.14.8, 3.18.5, 3.20.0
>
>
> We updated to camel 3.18.4 and this broke camel-ldap, running against ActiveDirectory.
> Filter string is "(CN=USERID)". In 3.18.4, this gets escaped to "\28CN=USERID\29" (changed by CAMEL-18696), which does not return a result, but instead throws this exception:
> {code:java}
> javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'OU=Std,OU=User,OU=ORG,DC=ad,DC=example,DC=com'
>         at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapClient.search(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
>         at java.naming/javax.naming.directory.InitialDirContext.search(Unknown Source)
>         at org.apache.camel.component.ldap.LdapProducer.simpleSearch(LdapProducer.java:129)
>         at org.apache.camel.component.ldap.LdapProducer.process(LdapProducer.java:83)
> {code}
> The same filter string used to work fine in 3.18.1



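Added example, not part of the original message and not Camel's own code: the quoted report shows RFC 4515 escaping applied to the complete filter string, so the structural parentheses are encoded and the text before `=` is no longer a valid attribute description. The sketch below contrasts that with escaping only the assertion value; the class and method names and the sample values are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class LdapFilterEscapeDemo {

    // Short-name attribute descriptions only (RFC 4512 "descr").
    // Numeric OIDs and attribute options are deliberately out of scope here.
    private static final Pattern ATTR = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");

    // RFC 4515: inside an assertion value, NUL, '(', ')', '*' and '\'
    // must be written as a backslash followed by two hex digits.
    static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds "(attr=value)": the attribute name is validated, the value is
    // escaped, and the surrounding parentheses are added afterwards so they
    // keep their structural meaning.
    static String equalityFilter(String attr, String value) {
        if (!ATTR.matcher(attr).matches()) {
            throw new IllegalArgumentException("invalid attribute description: " + attr);
        }
        return "(" + attr + "=" + escapeValue(value) + ")";
    }

    public static void main(String[] args) {
        String userId = "USERID"; // value taken from the report

        // Escaping the whole filter: the outer parentheses are encoded as well,
        // which is the form the report says the search then rejects.
        System.out.println("whole filter escaped: " + escapeValue("(CN=" + userId + ")"));

        // Escaping only the value: the filter structure is left intact.
        System.out.println("value escaped:        " + equalityFilter("CN", userId));

        // Constructed value containing filter metacharacters: they are encoded
        // inside the value while the filter still parses as one equality match.
        System.out.println("metachars in value:   " + equalityFilter("CN", "smith (temp)*"));
    }
}
```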