L3 - Default Environment (Required on creation):
camunda-runtime-7.17.1-ee
LDAP Authentication
Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket):
I am trying to filter the list of LDAP groups in the group admin dashboard page using the "LIKE" operator. No matter what I put in, no groups ever show up in the results. I can only find a group using = and an exact match.
Steps to reproduce (Required on creation):
I was able to reproduce the bug reported by this customer following these steps (note I used a public LDAP: https://www.forumsys.com/2022/05/10/online-ldap-test-server/) :
- Connect Camunda to an LDAP server (my default.yml is below with a test ldap setup)
- Log in with any user that has admin access (in my case newton/password)
- Go to Groups
- Try to search using 'Name LIKE Math' - no results returned
Are you able to confirm this bug?
camunda.bpm:
run:
cors:
enabled: true
allowed-origins: "*"
example:
enabled: true
ldap:
enabled: true
server-url: ldap://ldap.forumsys.com:389
administrator-group-name: camunda-admin
accept-untrusted-certificates: true
manager-dn: cn=read-only-admin,dc=example,dc=com
manager-password: password
base-dn: dc=example,dc=com
user-search-base: ''
user-search-filter: (objectclass=inetOrgPerson)
user-id-attribute: uid
user-firstname-attribute: cn
user-lastname-attribute: sn
user-email-ttribute: mail
user-password-attribute: userpassword
group-search-base: ''
group-search-filter: (objectclass=groupOfUniqueNames)
group-id-attribute: cn
group-name-attribute: cn
group-member-attribute: uniqueMember
sort-control-supported: false
Observed Behavior (Required on creation):
No groups are matched by the search
Expected behavior (Required on creation):
Groups should be found using LIKE
Root Cause (Required on prioritization):
We are sending a request with "%<searchString>%" to the backend. This is fine for DB-based groups. For LDAP however, we would have to use "*" instead of "%".
Solution Ideas (Optional):
- We make the webapps aware of what the wildcard character of the identity provider is
- We let the LDAP identity provider convert % to * in the like query parameters of user and group queries
- The web apps should not send the wildcarded LIKE String including "%" but rather the raw input from users. The backend has to take care of adding the right LIKE wildcards. => Careful: this would probably break the API
Hints (optional):
This is the controller panel for Smart Panels app
[CAM-14691] LIKE search does not return results for LDAP Groups
| Link | New: This issue is related to SUPPORT-13729 [ SUPPORT-13729 ] |
| Labels | Original: camunda-runtime | New: SUPPORT |
| Attachment | Original: Camunda Group Like Not working.docx [ 52286 ] |
| Description |
Original:
h3. Environment (Required on creation):
camunda-runtime-7.17.1-ee LDAP Authentication h3. Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket): I am trying to filter the list of LDAP groups in the group admin dashboard page using the "LIKE" operator. No matter what I put in, no groups ever show up in the results. I can only find a group using = and an exact match. h3. Steps to reproduce (Required on creation): I was able to reproduce the bug reported by this customer following these steps (note I used a public LDAP: [https://www.forumsys.com/2022/05/10/online-ldap-test-server/)] : # Connect Camunda to an LDAP server (my default.yml is below with a test ldap setup) # Log in with any user that has admin access (in my case newton/password) # Go to Groups # Try to search using 'Name LIKE Math' - no results returned Are you able to confirm this bug? ---- camunda.bpm: run: cors: enabled: true allowed-origins: "*" example: enabled: true ldap: enabled: true server-url: ldap://ldap.forumsys.com:389 administrator-group-name: camunda-admin accept-untrusted-certificates: true manager-dn: cn=read-only-admin,dc=example,dc=com manager-password: password base-dn: dc=example,dc=com user-search-base: '' user-search-filter: (objectclass=inetOrgPerson) user-id-attribute: uid user-firstname-attribute: cn user-lastname-attribute: sn user-email-ttribute: mail user-password-attribute: userpassword group-search-base: '' group-search-filter: (objectclass=groupOfUniqueNames) group-id-attribute: cn group-name-attribute: cn group-member-attribute: uniqueMember sort-control-supported: false h3. Observed Behavior (Required on creation): No groups are matched by the search h3. Expected behavior (Required on creation): Groups should be found using LIKE h3. Root Cause (Required on prioritization): We are sending a request with "%<searchString>%" to the backend. This is fine for DB-based groups. For LDAP however, we would have to use "*" instead of "%". The web apps should not send the wildcarded LIKE String including "%" but rather the raw input from users. The backend has to take care of adding the right LIKE wildcards. h3. Solution Ideas (Optional): h3. Hints (optional): |
New:
h3. Environment (Required on creation):
camunda-runtime-7.17.1-ee LDAP Authentication h3. Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket): I am trying to filter the list of LDAP groups in the group admin dashboard page using the "LIKE" operator. No matter what I put in, no groups ever show up in the results. I can only find a group using = and an exact match. h3. Steps to reproduce (Required on creation): I was able to reproduce the bug reported by this customer following these steps (note I used a public LDAP: [https://www.forumsys.com/2022/05/10/online-ldap-test-server/)] : # Connect Camunda to an LDAP server (my default.yml is below with a test ldap setup) # Log in with any user that has admin access (in my case newton/password) # Go to Groups # Try to search using 'Name LIKE Math' - no results returned Are you able to confirm this bug? ---- camunda.bpm: run: cors: enabled: true allowed-origins: "*" example: enabled: true ldap: enabled: true server-url: ldap://ldap.forumsys.com:389 administrator-group-name: camunda-admin accept-untrusted-certificates: true manager-dn: cn=read-only-admin,dc=example,dc=com manager-password: password base-dn: dc=example,dc=com user-search-base: '' user-search-filter: (objectclass=inetOrgPerson) user-id-attribute: uid user-firstname-attribute: cn user-lastname-attribute: sn user-email-ttribute: mail user-password-attribute: userpassword group-search-base: '' group-search-filter: (objectclass=groupOfUniqueNames) group-id-attribute: cn group-name-attribute: cn group-member-attribute: uniqueMember sort-control-supported: false h3. Observed Behavior (Required on creation): No groups are matched by the search h3. Expected behavior (Required on creation): Groups should be found using LIKE h3. Root Cause (Required on prioritization): We are sending a request with "%<searchString>%" to the backend. This is fine for DB-based groups. For LDAP however, we would have to use "*" instead of "%". h3. Solution Ideas (Optional): * We make the webapps aware of what the wildcard character of the identity provider is * We let the LDAP identity provider convert % to * in the like query parameters of user and group queries * The web apps should not send the wildcarded LIKE String including "%" but rather the raw input from users. The backend has to take care of adding the right LIKE wildcards. => *Careful*: this would probably break the API h3. Hints (optional): |
| Remote Link | New: This issue links to "Page (camunda confluence)" [ 17515 ] |
| Remote Link | Original: This issue links to "Page (camunda confluence)" [ 17515 ] |