Univention Bugzilla – Bug 34276
"udm --filter" ignores syntax errors in filter string
Last modified: 2017-07-05 13:06:11 CEST
# udm users/user list --filter '(&(uid=Administrator)' | grep -c ^DN 7 # udm users/user list --filter '(&(uid=Administrator))' | grep -c ^DN 1 Notice the missing second closing parenthesis, which leads UDM to output all users instead of the only expected one. On the other hand there already seems to be some syntax checking in place: # udm users/user list --filter '(&(uid=' (&(uid= Bad search filter
The listener has its own code, which also evaluates the filter wrong: Bug #28646
I implemented the syntax class ldapFilter which is able to validate correctness of a filter. (univention.admin.filter.parse is very broken).
Created attachment 6953 [details] patch patch will result in: # udm users/user list --filter '(&(uid=Administrator)' Not a valid LDAP search filter.
(In reply to Florian Best from comment #3) > Created attachment 6953 [details] > patch > > patch will result in: > # udm users/user list --filter '(&(uid=Administrator)' > Not a valid LDAP search filter. Applied rebased patch: r 80745 univention-directory-manager-modules (12.0.17-44) * Bug #34276: Applied patch from Florian Best - Improve syntax check for udm --filter YAML: r 80746
OK: valid search filters are still detected OK: invalid search filters are rejected OK: YAML # udm users/user list --filter '(&(uid=Administrator)' Not a valid LDAP search filter. # echo $? 3
<http://errata.software-univention.de/ucs/4.2/79.html>