Skip to content
This repository has been archived by the owner on May 14, 2024. It is now read-only.

Inconsistencies between filters api and filter string #927

Open
simon-kolkmann opened this issue Aug 4, 2023 · 1 comment
Open

Inconsistencies between filters api and filter string #927

simon-kolkmann opened this issue Aug 4, 2023 · 1 comment

Comments

@simon-kolkmann
Copy link

simon-kolkmann commented Aug 4, 2023

I refactored a filter from using a simple string to the newer filters api and I observed different behaviours:

This was my previous code:

const sAMAccountName = 'something'
const groupDN = 'CN=Something,OU=example,DC=foo,DC=bar'
const LDAP_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941'

const opts = {
	filter: `(&(sAMAccountName=${sAMAccountName})(memberOf:${LDAP_MATCHING_RULE_IN_CHAIN}:=${groupDN}))`,
	scope: 'sub',
	attributes: ['cn']
}

ldapSearchClient.search('DC=foo,DC=bar', opts, (err, res) => {
  // -> emits a search entry
})

And that's the newer code:

import ldapjs from 'ldapjs'

const { AndFilter, EqualityFilter } = ldapjs

const sAMAccountName = 'something'
const groupDN = 'CN=Something,OU=example,DC=foo,DC=bar'
const LDAP_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941'

const filter = new AndFilter({
	filters: [
		new EqualityFilter({
			attribute: 'sAMAccountName',
			value: sAMAccountName
		}),
		new EqualityFilter({
			attribute: `memberOf:${LDAP_MATCHING_RULE_IN_CHAIN}:`,
			value: groupDN
		})
	]
})

const opts = {
	filter,
	scope: 'sub',
	attributes: ['cn']
}

ldapSearchClient.search('DC=foo,DC=bar', opts, (err, res) => {
  // ->  does not emit a search entry
})

opts.filter.toString() returns the same string in both cases which looks fine to me?

opts.filter.toString() // -> (&(sAMAccountName=something)(memberOf:1.2.840.113556.1.4.1941:=CN=Something,OU=example,DC=foo,DC=bar))

Still, the responses from our active directory differ. That makes me think that ldapjs does not treat both kinds of filter in the exact same way.

EDIT: If I stringify the filter in the second example myself like this

const opts = {
	filter: filter.toString(),
	scope: 'sub',
	attributes: ['cn']
}

I also get a search entry back.

@jsumners
Copy link
Member

jsumners commented Aug 4, 2023

This certainly seems like a bug. Would you like to work on this issue? I would start by adding an integration test in https://github.com/ldapjs/node-ldapjs/tree/ac588a0fadd156de27622e9dd09101e1bead5d25/test-integration/client and stepping through it to see where the issue occurs.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
Status: Todo
Development

No branches or pull requests

2 participants