mirror of
https://github.com/lldap/lldap.git
synced 2026-04-25 16:25:55 +03:00
[GH-ISSUE #1073] [BUG] LDAP search for attribute values will only match lowercased strings. Attribute values with any uppercase will never match. #386
Labels
No labels
backend
blocked
bug
cleanup
dependencies
docker
documentation
duplicate
enhancement
enhancement
frontend
github_actions
good first issue
help wanted
help wanted
integration
invalid
ldap
pull-request
question
rust
rust
tests
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/lldap-lldap#386
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @broeng on GitHub (Jan 12, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1073
Describe the bug
When storing attribute values, the values are stored in the DB in the case they are given, serialized with serde. I think this is correct behaviour.
When an LDAP search for a specific attribute value is done, the value in the search filter will have been lowercased, before it is serialized with Serde, and used for lookup in the user_attributes table. This means the serialized value will never match a value that was not also stored in lowercase.
To Reproduce
Steps to reproduce the behavior:
ldapsearch ... '(&(objectclass=person)(sambaSID=S-1-5-21-2293260629-1257142175-1903762185-3202))'Expected behavior
Expected to get user back, with the given attribute and value.
Logs
Query from LLDAP - observe how value is lowercased in filter expression:
From postgres log:
We can see that it searches for an encoded attribute value of (note the 7 after the row of zeroes):
If we look it up in the user_attributes table we can see it's encoded differently (note the 5 after the row of zeroes):
To summarize: Even if you explicitly search for a value with uppercase letters, the value will be lowercased, serialized and then used for lookup in the DB. If the desired attribute value is stored with uppercase letters - as you searched for - it will not be found, as it is stored in the original case, serialized (and the serialization is of course case sensitive).
@broeng commented on GitHub (Jan 22, 2025):
Fixed with PR #1074