[jira] [Comment Edited] (CAMEL-18811) camel-ldap - InvalidSearchFilterException: invalid attribute description

Tue, 03 Jan 2023 10:20:09 -0800 


    [ 
https://issues.apache.org/jira/browse/CAMEL-18811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654129#comment-17654129
 ] 

Claus Ibsen edited comment on CAMEL-18811 at 1/3/23 6:19 PM:
-------------------------------------------------------------

3.20.0 is not affected at all - whether or not the CVE is retracted, as it was 
not released before the CVE was public.

However it may be that this CVE database says 3.19.0 is affected and the 3rd 
item does not have an upper bound
https://nvd.nist.gov/vuln/detail/CVE-2022-45046#match-8689567


was (Author: davsclaus):
3.20.0 is not affected at all - whether or not the CVE is retracted

> camel-ldap - InvalidSearchFilterException: invalid attribute description
> ------------------------------------------------------------------------
>
>                 Key: CAMEL-18811
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18811
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-ldap
>    Affects Versions: 3.14.7, 3.18.4
>         Environment: linux, jdk11, camel-main, camel-ldap, ActiveDirectory
>            Reporter: Christian Schubert-Huff
>            Assignee: Claus Ibsen
>            Priority: Minor
>             Fix For: 3.14.8, 3.18.5, 3.20.0
>
>
> We updated to camel 3.18.4 and this broke camel-ldap, running against 
> ActiveDirectory.
> Filter string is "(CN=USERID)". In 3.18.4, this gets escaped to 
> "\28CN=USERID\29" (changed by CAMEL-18696), which does not return a result, 
> but instead throws this exception:
> {code:java}
> javax.naming.directory.InvalidSearchFilterException: invalid attribute 
> description; remaining name 'OU=Std,OU=User,OU=ORG,DC=ad,DC=example,DC=com'
>         at java.naming/com.sun.jndi.ldap.Filter.encodeSimpleFilter(Unknown 
> Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.Filter.encodeFilterString(Unknown 
> Source)
>         at java.naming/com.sun.jndi.ldap.LdapClient.search(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
>         at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
>         at 
> java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown 
> Source)
>         at 
> java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown
>  Source)
>         at 
> java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown
>  Source)
>         at 
> java.naming/javax.naming.directory.InitialDirContext.search(Unknown Source)
>         at 
> org.apache.camel.component.ldap.LdapProducer.simpleSearch(LdapProducer.java:129)
>         at 
> org.apache.camel.component.ldap.LdapProducer.process(LdapProducer.java:83)
> {code}
> The same filter string used to work fine in 3.18.1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to