[GH-ISSUE #989] [BUG] userFilter with memberOf capital Group not found. #357

Closed
opened 2026-02-27 08:16:50 +03:00 by kerem · 5 comments

Originally created by @veenarm on GitHub (Oct 8, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/989

Describe the bug
When using userFiltering with memberOf, it only seems to work if group memberships are all lowercase in lldap. If they have capitals, it won't match the user filtering.

To Reproduce
Steps to reproduce the behavior:

  1. Create a capitalised Group in LLDAP e.g. GITLAB-Users
  2. Set up basedn and userDn
  3. Create userFilter that attempts to do a memberOf comparison
  • Example: '(&(objectclass=inetOrgPerson)(memberof=cn=GITLAB-Users,ou=groups,dc=lldap,dc=changed,dc=com,dc=au))'

userFilter will fail to match and find users successfully.

Expected behavior
All users of that membership group to be found/matched and returned in the query.

Logs

```
get_user_list [ 782µs | 0.02% / 0.47% ]
2024-10-07T21:13:31.657071975+00:00  DEBUG    │  │  │  ┝━ :bug: [debug]:  | filters: And([And([]), MemberOf("gitlab-users")])
2024-10-07T21:13:31.657080354+00:00  DEBUG    │  │  │  ┕━ list_users [ 746µs | 0.45% ] filters: Some(And([And([]), MemberOf("gitlab-users")])) | _get_groups: true

Equality("memberof", "cn=GITLAB-Users,ou=groups,dc=lldap,dc=changed,dc=com,dc=au")]), attrs: ["uid", "uid", "cn", "mail", "memberOf"] })
```

Additional context
Recreated Group in LLDAP lowercase, and it found the group, even with uppercase data passed into the filter. Seems like some lowercasing is happening inside the query.

kerem 2026-02-27 08:16:50 +03:00
  • closed this issue
  • added the bug label

@bojidar-bg commented on GitHub (Oct 8, 2024):

Potential duplicate of #849. What version are you running? (:


@veenarm commented on GitHub (Oct 9, 2024):

Ahh... Whatever TrueCharts was.. looks like it is:

```yaml
image:
  repository: docker.io/nitnelave/lldap
  pullPolicy: IfNotPresent
  tag: v0.5.0-debian@sha256:049ee263b477065f849b999ba42adace8b406539cc98eb297d6de7e40041944a
```

I will verify tonight when I get home - I just took that from the TrueCharts website, and I do auto updates, but maybe it's old.


@veenarm commented on GitHub (Oct 9, 2024):

ok, confirmed I'm running: docker.io/nitnelave/lldap:v0.5.0-debian@sha256:872610a32c9c2bc1392fbd934fa5a355d70b467b92032637ea017c5717c2f1bf


@bojidar-bg commented on GitHub (Oct 9, 2024):

Yeahh... that's definitely older than the fix. You can either work around the issue by only having all-lowercase groups/users, switch to a newer version (e.g. anything newer than 2024-02-27 should be new enough), or wait for #790.


@veenarm commented on GitHub (Oct 10, 2024):

I've upgraded to a later version, I'll re-test it this weekend.
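
The case mismatch reported in this issue, modelled as an added example (not part of the original thread and not lldap's source code): the filter value is lowercased as the debug log shows, then looked up once by exact name and once with both sides normalised. The function names and the sample users are assumptions made for the illustration.

```rust
// Added illustration: a simplified model of the lookup, not lldap's source code.
use std::collections::HashMap;

/// Take the group name from a memberOf DN and lowercase it, which is what the
/// debug log in the issue shows: MemberOf("gitlab-users").
/// Assumption: the first RDN contains no escaped commas.
fn group_from_member_of(dn: &str) -> Option<String> {
    let (attr, value) = dn.split(',').next()?.split_once('=')?;
    if !attr.trim().eq_ignore_ascii_case("cn") || value.trim().is_empty() {
        return None;
    }
    Some(value.trim().to_lowercase())
}

/// Reported behaviour: the lowercased filter value must equal the stored
/// group name exactly, so a group stored with capitals is never found.
fn users_exact(groups: &HashMap<String, Vec<String>>, dn: &str) -> Vec<String> {
    group_from_member_of(dn)
        .and_then(|g| groups.get(&g).cloned())
        .unwrap_or_default()
}

/// Normalised lookup: the stored name is lowercased before the comparison too.
fn users_normalised(groups: &HashMap<String, Vec<String>>, dn: &str) -> Vec<String> {
    let Some(wanted) = group_from_member_of(dn) else {
        return Vec::new();
    };
    groups
        .iter()
        .find(|(name, _)| name.to_lowercase() == wanted)
        .map(|(_, users)| users.clone())
        .unwrap_or_default()
}

/// Constructed sample directory; the user names are made up.
fn sample_groups() -> HashMap<String, Vec<String>> {
    HashMap::from([
        ("GITLAB-Users".to_string(), vec!["alice".to_string()]),
        ("admins".to_string(), vec!["bob".to_string()]),
    ])
}

fn main() {
    let groups = sample_groups();
    let dn = "cn=GITLAB-Users,ou=groups,dc=lldap,dc=changed,dc=com,dc=au";
    println!("exact: {:?}", users_exact(&groups, dn));
    println!("normalised: {:?}", users_normalised(&groups, dn));
}
```

With a normalised lookup, two groups whose names differ only by case resolve to the same entry, so name uniqueness has to be enforced on the normalised form when a membership filter gates application access.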
