Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24029

Dynamic LDAP groups containing certain wildcards raise parsing error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 7.10, 8.10, 9.3
    • Fix Version/s: None
    • Component/s: Directory
    • Tags:
    • Backlog priority:
      570
    • Sprint:
      nxsupport 10.1.2
    • Story Points:
      8

      Description

      1. Set up an LDAP server
      2. add a group like the following one: 
        dn: cn=user7,ou=dynamic,ou=groups,dc=nuxeo,dc=com
objectClass: groupOfURLs
cn: user7
memberURL: ldap:///ou=people,dc=nuxeo,dc=com?uid?sub?(&(objectClass=inetOrgPerson)(uid=user*7*))
description: Users with a 7 in their uid
      3. Install Nuxeo
      4. Login
      5. Head over to Admin/Users and Groups
      6. Search users with *
      7. Observe the following in the Nuxeo logs: 
        2017-12-21 09:25:11,762 ERROR [http-bio-0.0.0.0-8080-exec-7] [nuxeo-error-log] javax.servlet.ServletException: On requestURL: http://localhost:8080/nuxeo/view_admin.faces
	at org.nuxeo.ecm.platform.ui.web.rest.FancyURLFilter.doFilter(FancyURLFilter.java:140)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoRequestControllerFilter.doFilter(NuxeoRequestControllerFilter.java:146)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.webdav.service.WIRequestFilter.doFilter(WIRequestFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:608)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:51)
	at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:122)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
	at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:82)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:49)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:411)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsFilter.doFilter(NuxeoCorsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:77)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:75)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
	at org.nuxeo.runtime.tomcat.dev.DevValve.invoke(DevValve.java:69)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.servlet.ServletException: could not parse LDAP filter: (&(objectClass=inetOrgPerson)(uid=user*7*))
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:659)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.nuxeo.elasticsearch.web.sync.UIThreadMarker.doFilter(UIThreadMarker.java:48)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoThreadTrackerFilter.doFilter(NuxeoThreadTrackerFilter.java:43)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.core.management.jtajca.internal.Log4jWebFilter.doFilter(Log4jWebFilter.java:69)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.ui.web.rest.FancyURLFilter.doFilter(FancyURLFilter.java:120)
	... 41 more
Caused by: org.nuxeo.ecm.directory.DirectoryException: could not parse LDAP filter: (&(objectClass=inetOrgPerson)(uid=user*7*))
	at org.nuxeo.ecm.directory.ldap.LDAPFilterMatcher.match(LDAPFilterMatcher.java:79)
	at org.nuxeo.ecm.directory.ldap.LDAPReference.getSourceIdsForTarget(LDAPReference.java:584)
	at org.nuxeo.ecm.directory.multi.MultiReference$1.collect(MultiReference.java:98)
	at org.nuxeo.ecm.directory.multi.MultiReference.doCollect(MultiReference.java:80)
	at org.nuxeo.ecm.directory.multi.MultiReference.getSourceIdsForTarget(MultiReference.java:93)
	at org.nuxeo.ecm.directory.InverseReference.getTargetIdsForSource(InverseReference.java:146)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:901)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntryFromSource(LDAPSession.java:264)
	at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:121)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntry(LDAPSession.java:254)
	at org.nuxeo.ecm.directory.multi.MultiDirectorySession.getEntry(MultiDirectorySession.java:360)
	at org.nuxeo.ecm.directory.multi.MultiDirectorySession.getEntry(MultiDirectorySession.java:345)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getUserModel(UserManagerImpl.java:1213)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getUserModel(UserManagerImpl.java:594)
	at org.nuxeo.ecm.webapp.security.UserSuggestionActionsBean.getUserInfo(UserSuggestionActionsBean.java:278)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
	at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
	at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.nuxeo.ecm.platform.ui.web.util.NuxeoExceptionInterceptor.aroundInvoke(NuxeoExceptionInterceptor.java:80)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:35)
	at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
	at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
	at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
	at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
	at org.nuxeo.ecm.webapp.security.UserSuggestionActionsBean_$$_javassist_seam_73.getUserInfo(UserSuggestionActionsBean_$$_javassist_seam_73.java)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
	at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:280)
	at org.jboss.el.parser.AstMethodSuffix.getValue(AstMethodSuffix.java:59)
	at org.jboss.el.parser.AstValue.getValue(AstValue.java:67)
	at org.jboss.el.parser.AstChoice.getValue(AstChoice.java:29)
	at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
	at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109)
	at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:40)
	at org.jboss.el.parser.AstValue.getValue(AstValue.java:63)
	at org.jboss.el.parser.AstEqual.getValue(AstEqual.java:21)
	at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
	at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109)
	at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194)
	at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:457)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1851)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1860)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1860)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1860)
	at com.sun.faces.facelets.component.RepeatRenderer.encodeChildren(RepeatRenderer.java:104)
	at com.sun.faces.facelets.component.UIRepeat.process(UIRepeat.java:621)
	at com.sun.faces.facelets.component.UIRepeat.encodeChildren(UIRepeat.java:1110)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at javax.faces.render.Renderer.encodeChildren(Renderer.java:176)
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at org.richfaces.renderkit.RendererBase.renderChildren(RendererBase.java:282)
	at org.richfaces.renderkit.html.AjaxOutputPanelRenderer.doEncodeChildren(AjaxOutputPanelRenderer.java:57)
	at org.richfaces.renderkit.RendererBase.encodeChildren(RendererBase.java:158)
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at org.richfaces.renderkit.RendererBase.renderChildren(RendererBase.java:282)
	at org.richfaces.renderkit.html.AjaxOutputPanelRenderer.doEncodeChildren(AjaxOutputPanelRenderer.java:57)
	at org.richfaces.renderkit.RendererBase.encodeChildren(RendererBase.java:158)
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1860)
	at org.richfaces.renderkit.RendererBase.renderChildren(RendererBase.java:282)
	at org.richfaces.renderkit.html.AjaxOutputPanelRenderer.doEncodeChildren(AjaxOutputPanelRenderer.java:57)
	at org.richfaces.renderkit.RendererBase.encodeChildren(RendererBase.java:158)
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1860)
	at org.richfaces.renderkit.RendererBase.renderChildren(RendererBase.java:282)
	at org.richfaces.renderkit.html.AjaxOutputPanelRenderer.doEncodeChildren(AjaxOutputPanelRenderer.java:57)
	at org.richfaces.renderkit.RendererBase.encodeChildren(RendererBase.java:158)
	at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:889)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at com.sun.faces.context.PartialViewContextImpl$PhaseAwareVisitCallback.visit(PartialViewContextImpl.java:599)
	at org.richfaces.context.MetaComponentEncodingVisitCallback.visit(MetaComponentEncodingVisitCallback.java:83)
	at org.richfaces.context.BaseExtendedVisitContext.invokeVisitCallback(BaseExtendedVisitContext.java:103)
	at org.richfaces.context.ExtendedRenderVisitContext.invokeVisitCallback(ExtendedRenderVisitContext.java:65)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1690)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1701)
	at com.sun.faces.context.PartialViewContextImpl.processComponents(PartialViewContextImpl.java:406)
	at com.sun.faces.context.PartialViewContextImpl.processPartial(PartialViewContextImpl.java:325)
	at org.richfaces.context.ExtendedPartialViewContext.processPartial(ExtendedPartialViewContext.java:264)
	at javax.faces.component.UIViewRoot.encodeChildren(UIViewRoot.java:1004)
	at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1857)
	at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:435)
	at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:133)
	at org.jboss.seam.jsf.SeamViewHandler.renderView(SeamViewHandler.java:188)
	at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:337)
	at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120)
	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
	at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219)
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647)
	... 63 more
Caused by: java.text.ParseException: Parser failure on filter:
	(&(objectClass=inetOrgPerson)(uid=user*7*))
Antlr exception trace:
expecting VALUEENCODING, found ')'
	at org.apache.directory.shared.ldap.filter.FilterParserImpl.parse(FilterParserImpl.java:156)
	at org.nuxeo.ecm.directory.ldap.LDAPFilterMatcher.match(LDAPFilterMatcher.java:76)
	... 178 more

        Attachments

          Issue Links

          is required by

          New Feature - A new feature of the product, which has yet to be developed. NXBT-2070 create docker-compose files for H2 multidir configurations

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours
                  5h