  1. camunda BPM
  2. CAM-14691

LIKE search does not return results for LDAP Groups

Details

    • Bug Report
    • Resolution: Unresolved
    • L3 - Default
    • None
    • 7.17.1
    • admin

    Description

      Environment (Required on creation):

      camunda-runtime-7.17.1-ee

      LDAP Authentication

      Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):

      I am trying to filter the list of LDAP groups in the group admin dashboard page using the "LIKE" operator. No matter what I put in, no groups ever show up in the results. I can only find a group using = and an exact match. 

      Steps to reproduce (Required on creation):

      I was able to reproduce the bug reported by this customer following these steps (note: I used a public LDAP server: https://www.forumsys.com/2022/05/10/online-ldap-test-server/):

      1. Connect Camunda to an LDAP server (my default.yml is below with a test LDAP setup)
      2. Log in with any user that has admin access (in my case newton/password)
      3. Go to Groups
      4. Try to search using 'Name LIKE Math' - no results returned

      Are you able to confirm this bug?


      camunda.bpm:
        run:
          cors:
            enabled: true
            allowed-origins: "*"
          example:
            enabled: true
          # test setup against the public forumsys LDAP server
          ldap:
            enabled: true
            server-url: ldap://ldap.forumsys.com:389
            administrator-group-name: camunda-admin
            accept-untrusted-certificates: true
            manager-dn: cn=read-only-admin,dc=example,dc=com
            manager-password: password
            base-dn: dc=example,dc=com
            user-search-base: ''
            user-search-filter: (objectclass=inetOrgPerson)
            user-id-attribute: uid
            user-firstname-attribute: cn
            user-lastname-attribute: sn
            user-email-attribute: mail
            user-password-attribute: userpassword
            # groups are matched on cn, the attribute the LIKE search runs against
            group-search-base: ''
            group-search-filter: (objectclass=groupOfUniqueNames)
            group-id-attribute: cn
            group-name-attribute: cn
            group-member-attribute: uniqueMember
            sort-control-supported: false

      Observed Behavior (Required on creation):

      No groups are matched by the search

      Expected behavior (Required on creation):

      Groups should be found using LIKE

      Root Cause (Required on prioritization):

      We are sending a request with "%<searchString>%" to the backend. This is fine for DB-based groups. For LDAP however, we would have to use "*" instead of "%".

      Solution Ideas (Optional):

      • We make the webapps aware of what the wildcard character of the identity provider is
      • We let the LDAP identity provider convert % to * in the like query parameters of user and group queries
      • The web apps should not send the wildcarded LIKE String including "%" but rather the raw input from users. The backend has to take care of adding the right LIKE wildcards. => Careful: this would probably break the API

      Hints (optional):
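
      Added example, not part of the ticket and not Camunda's code: a sketch of the second solution idea above, in which the LDAP identity provider converts "%" to "*". Class and method names are hypothetical; the group filter and name attribute are the ones from the default.yml in this ticket. The user-typed part is escaped per RFC 4515 before the wildcard is inserted, so a literal "*" or parenthesis in a search term is matched as text instead of changing the filter.

```java
import java.util.List;

// Added example (hypothetical names): LIKE pattern -> RFC 4515 substring filter.
class LikeToLdapFilter {

  // Escape the characters RFC 4515 reserves inside an assertion value.
  static String escapeLdapValue(String value) {
    StringBuilder sb = new StringBuilder();
    for (char c : value.toCharArray()) {
      switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
      }
    }
    return sb.toString();
  }

  // '%' becomes the LDAP wildcard '*'; everything between wildcards is escaped.
  // Assumption: '_' and LIKE escape sequences are not used and stay literal.
  static String likeToLdapPattern(String like) {
    String[] segments = like.split("%", -1); // -1 keeps empty edge segments
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < segments.length; i++) {
      // Insert one '*' per run of '%' so "%%" does not yield "**".
      boolean lastIsWildcard = sb.length() > 0 && sb.charAt(sb.length() - 1) == '*';
      if (i > 0 && !lastIsWildcard) sb.append('*');
      sb.append(escapeLdapValue(segments[i]));
    }
    return sb.toString();
  }

  // AND the configured group filter with the name match.
  static String groupNameFilter(String baseFilter, String nameAttr, String like) {
    return "(&" + baseFilter + "(" + nameAttr + "=" + likeToLdapPattern(like) + "))";
  }

  public static void main(String[] args) {
    // Constructed inputs; filter and attribute are taken from the ticket's default.yml.
    for (String like : List.of("%Math%", "%Chem (lab)*%", "%%")) {
      System.out.println(like + " -> "
          + groupNameFilter("(objectclass=groupOfUniqueNames)", "cn", like));
    }
  }
}
```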

            People

              Unassigned Unassigned
              neal.dennis Neal Dennis