Skip to content
This repository has been archived by the owner on May 14, 2024. It is now read-only.

LDAPJS Server: when searching, I need to request in lowercase attributes in order to get mixed-case attributes #974

Open
mgx0 opened this issue Apr 10, 2024 · 1 comment
Open

LDAPJS Server: when searching, I need to request in lowercase attributes in order to get mixed-case attributes #974

mgx0 opened this issue Apr 10, 2024 · 1 comment

Comments

@mgx0
Copy link

mgx0 commented Apr 10, 2024
edited
Loading

i have a function that generates LDAP User object from data received from Keycloak and sends it via search response. commented are problematic:

const fabricatedObject = {
      dn: 'uid=' + keycloakUser.username + ',ou=' + keycloakUser.attributes.ou + ',o=organization',
      attributes: {
        objectClass: ['person', 'top', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'], // PROBLEMATIC
        cn: keycloakUser.firstName + ' ' + keycloakUser.lastName,
        displayName: keycloakUser.firstName + ' ' + keycloakUser.lastName, // PROBLEMATIC
        givenName: keycloakUser.firstName, // PROBLEMATIC
        sn: keycloakUser.lastName,
        ou: (keycloakUser.attributes.ou || "none"),
        mail: keycloakUser.email.toString(),
        uid: keycloakUser.username.toString(),
        entryUUID: keycloakUser.attributes.LDAP_ID || keycloakUser.id, // PROBLEMATIC
        keycloakId: keycloakUser.id.toString(), // PROBLEMATIC
        ldapId: (keycloakUser.attributes.LDAP_ID || "none").toString() // PROBLEMATIC
      },

this does not return entryUUID nor ldapId (applies for all bold marked above):
ldapsearch -H ldap://localhost:10389 -x -b o=organization -D BINDUSER -w BINDPASS "(uid=*)" "mail" "entryUUID" "ldapId"

but this does (and mixed-case entryUUID and ldapId is received:
ldapsearch -H ldap://localhost:10389 -x -b o=organization -D BINDUSER -w BINDPASS "(uid=*)" "mail" "entryuuid" "ldapid"

the point is, that specifying exact case of "entryUUID" is wrong. I have to ask for lowercase "entryuuid" in order to receive attribute "entryUUID" with it's value

this is easily fixable, can I offer a quick PR for this? I believe it's not intended behaviour, as clients shall be able to use upper or lowercase attribute names.
LDAP Attributes are case insensitive, so I believe searching for "ENTRYUUID", "entryuuid" and "entryUUID" shall always return the entryUUID that's defined in the generator function above.
@mgx0 mgx0 changed the title LDAPJS Server: when searching, I need to request in lowercase in order to get mixed-case attributes LDAPJS Server: when searching, I need to request in lowercase attributes in order to get mixed-case attributes Apr 10, 2024
@mgx0
Copy link
Author

mgx0 commented Apr 10, 2024
edited
Loading

two commented lines resolve this problem. file search_response.js, starting line 57

Object.keys(entry.attributes).forEach(function (a) {
      const _a = a.toLowerCase()
      const lowerCaseAttributes = self.attributes.map(attr => attr.toLowerCase()) // create an array of lowercase attributes
      if (!nofiltering && _a.length && _a[0] === '_') {
        savedAttrs[a] = entry.attributes[a]
        delete entry.attributes[a]
      } else if (!nofiltering && self.notAttributes.indexOf(_a) !== -1) {
        savedAttrs[a] = entry.attributes[a]
        delete entry.attributes[a]
      } else if (all) {
        // do nothing
      } else if (self.attributes.length && lowerCaseAttributes.indexOf(_a) === -1) { // compare lowercase to lowercase to make sure we don't remove attribute only because of different case
        savedAttrs[a] = entry.attributes[a]
        delete entry.attributes[a]
      }
    })

@BitPatty BitPatty mentioned this issue Apr 18, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mgx0