Bad search filter on LDAP when trying to get user data
In order to use parentheses in the assertion value of a filter the parenthese must be escaped. A search filter where the assertion value is samAccountName=(jtesting)
should be encoded as samAccountName=\28jtesting\29
. The entire assertion value may be enclosed in parentheses which are not escaped, in which case the filter becomes (samAccountName=\28jtesting\29)
.
More Information
Carey Estes
I'm a UI/UX Designer, Frontend Dev, and Disc Golfer. I am not a professional at either.
Updated on June 11, 2022Comments
-
Carey Estes almost 2 years
I am fresh out of the box here with LDAP, so let me know if I am doing this in the completely wrong fashion.
I am working with Symfony 1.4 using the bhLDAPAuthPlugin plugin
I am verifying user login with LDAP. However, there is more data in the LDAP table that I would like to query using the username. So I am writing this search function to filter results according to the username:
function user_values($username) { if (!$username) { die ("Username is not there man!"); } if (!$this->_conn) { die ("No Connection."); } if (!$this->_base_dn) { die ("No Base."); } $filter="samaccountname=".$username; $attributes_ad = array("name"); $result = ldap_search($this->_conn, $this->_base_dn, $filter, $attributes_ad) or die ("Error in search query"); $entries = ldap_get_entries($this->_conn, $result); return($entries); }
I am getting the error:
Warning: ldap_search(): Search: Bad search filter in /... Error in search query
when i run the query.
The first three "if's" are there just to assure I was getting the correct parameters for the search. The condition fails on the actual search.
Any suggestions?
UPDATE
The username variable is jtesting
I pulled the $username from the function, before it gets put in the search parameter. It is actually (jtesting). I am going to remove the parenthesis, and see if that remedies the problem.
-
DaveRandom almost 12 years+1 I thought this was the most likely answer. Useful link: stackoverflow.com/questions/8560874/… :-D
-
Carey Estes almost 12 yearsIt was the parenthesis. Once those were removed, the search completed successfully.