Univention Bugzilla – Full Text Bug Listing

| Summary: | univention-adsearch displays binary code resulting in unreadable screen | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Christian Völker <voelker> |
| Component: | AD Connector | Assignee: | Felix Botner <botner> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | | |
| Priority: | P5 | CC: | andree.hingst, best, botner, grandjean, requate, scheinig, stephan.hendl |
| Version: | UCS 4.3 | | |
| Target Milestone: | UCS 4.3-2-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | Bug Report | What type of bug is this?: | 4: Minor Usability: Impairs usability in secondary scenarios |
| Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
| User Pain: | 0.137 | Enterprise Customer affected?: | Yes |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | 2018102921000284 | Bug group (optional): | |
| Max CVSS v3 score: | | | |
| Attachments: | b64.diff | | |

Description
Christian Völker
2018-10-30 12:56:37 CET
univention-adsearch should use ldif.LDIFWriter for output with a suitable list of base64_attrs. Alternatively it should be re-implemented as just a wrapper of ldapsearch (or ldbsearch, like univention-s4search), which would simultaneously fix Bug 43319, Bug 43189, Bug 35504.

Affected attributes reported:

* msExchMailboxSecurityDescriptor
* msExchSafeSendersHash
* userCert
* thumbnailPhoto
* logonHours
* msExchMailboxGuid

See also the list in the encode_s4_object method of the S4-Connector.

*** Bug 43319 has been marked as a duplicate of this bug. ***

The small step for now, no ldbsearch; there is too much going on with SSL/Kerberos authentication in univention-adsearch that I don't want to mess with right now.

Fixed now by base64-encoding every non-printable attribute. Also, I removed the replace_filter function, it seems to make no difference.

488212ced044ca5bb6278750bc724dba88f9efb2 - univention-ad-connector
252e48eeb342ebe7960b2537c41f849539f8578b - yaml

Ok, much better. There are still corner cases of attributes with Active Directory attributeSyntax 2.5.5.10 (octetstring), which are 8bit and may or may not be printable. The ldapsearch source code seems to check the values for printability and encode accordingly:

========================================================================

    #
    # univention-adsearch
    # filter: (|(auditingPolicy=*)(dnsRecord=*))
    #

    DN: DC=w2k8r2d2ar,DC=net
    auditingPolicy: ^@^A

    DN: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=w2k8r2d2ar,DC=net
    dnsRecord: ^V^@^B^@^E^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^T^C^Ag^Lroot-servers^Cnet^@
    dnsRecord: ^V^@^B^@^E^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^T^C^Ab^Lroot-servers^Cnet^@
    dnsRecord: ^V^@^B^@^E^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^T^C^Ae^Lroot-servers^Cnet^@
    dnsRecord: ^V^@^B^@^E^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^T^C^Ad^Lroot-servers^Cnet^@

    DN: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=w2k8r2d2ar,DC=net
    dnsRecord: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAxwdbDQ==

    DN: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=w2k8r2d2ar,DC=net
    dnsRecord: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwMvmCg==

    DN: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=w2k8r2d2ar,DC=net
    dnsRecord: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAxwkOyQ==

    DN: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=w2k8r2d2ar,DC=net
    dnsRecord: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwHAkBA==

========================================================================

Strangely, some dnsRecord entries are encoded, others not. Doing the same with ldapsearch returns all values base64-encoded:

    ldapsearch -H ldap://10.200.8.126 -D Administrator@W2K8R2D2AR.NET \
      -w Univention.1 -b DC=w2k8r2d2ar,DC=net \
      '(|(auditingPolicy=*)(dnsRecord=*))' auditingPolicy dnsRecord

Added special (base64 encode) handling for dnsRecord and auditingPolicy. We should definitely switch to ldbsearch, but I think we need a minor update for that.

Created attachment 9752
b64.diff
I think we need to output the base64-encoded values with "::", see attached patch.
fixed

Verified:

* univention-adsearch output is UTF-8 (verified by running "file" on it)
* decoding works: univention-adsearch | ldapsearch-wrapper | ldapsearch-decode64
* objectGUID is now displayed properly
* Advisory: Ok
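
The thread turns on two points: which values get base64-encoded, and marking them with "::" so a reader can tell them apart from literal values and decode them. Both are sketched below as an added example; this is not the univention-adsearch code or the attached patch. The forced-attribute set, the function names, the attribute `exampleOctets` and all sample values are assumptions constructed for illustration.

```python
import base64

# Attribute names reported in this bug; always encoding them is this example's choice.
FORCE_B64 = {"dnsrecord", "auditingpolicy", "objectguid", "logonhours",
             "thumbnailphoto", "usercert", "msexchmailboxguid"}

def needs_base64(attr, value):
    """Decide whether a raw attribute value must be written as 'attr:: <b64>'."""
    if attr.lower() in FORCE_B64:
        return True
    if not value:
        return False
    # RFC 2849: a plain value may not start with space, ':' or '<';
    # a trailing space is also encoded so it cannot be lost.
    if value[:1] in (b" ", b":", b"<") or value.endswith(b" "):
        return True
    # Stricter than RFC 2849 SAFE-CHAR: control bytes and 8-bit bytes are
    # encoded too, so no raw binary or escape sequence reaches the terminal.
    return any(b < 0x20 or b > 0x7E for b in value)

def ldif_line(attr, value):
    """Format one attribute value; line folding is left out for brevity."""
    if needs_base64(attr, value):
        return "%s:: %s" % (attr, base64.b64encode(value).decode("ascii"))
    return "%s: %s" % (attr, value.decode("ascii"))

def parse_line(line):
    """Inverse of ldif_line: '::' marks base64, ':' marks a literal value."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip())
    return attr, rest.lstrip(" ").encode("ascii")

# Constructed sample values, not taken from a real directory.
SAMPLE = [
    ("cn", b"Administrator"),
    ("auditingPolicy", b"\x00\x01"),
    ("dnsRecord", b"\x16\x00\x02\x00\x05\x08\x0croot-servers\x03net\x00"),
    ("description", b":starts with a colon"),
    ("displayName", "V\u00f6lker".encode("utf-8")),
    ("exampleOctets", b"\x1b[2Jcleared"),  # hypothetical octet-string attribute
]

def render(entries):
    """Return the LDIF attribute lines for a list of (attr, bytes) pairs."""
    return [ldif_line(attr, value) for attr, value in entries]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

Without the "::" marker a consumer cannot distinguish a base64 string from a literal value that happens to look like one, which is why the decode step in the verification above depends on it.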