Operational Defect Database

BugZero found this defect 1623 days ago.

WatchGuard Technologies | kA10H000000g4m0SAA

AuthPoint advanced queries fail when they include special characters

Last update date:

11/16/2020

Affected products:

AuthPoint

Affected releases:

All

AuthPoint

Fixed releases:

All

Description:

Issue

If your LDAP or Active Directory advanced query includes a special character symbol, such as CN=Container++,DC=Example,DC=com, the query fails. LDAP and Active Directory consider these symbols to be special characters:

, -- comma
\ -- backslash
# -- pound/hash sign
< -- less than
> -- greater than
; -- semicolon
" -- quotation mark
+ -- plus sign
= -- equal sign

Note: This issue will not be fixed at this time. To avoid this issue, see the workaround.

Workaround/Solution

To perform these queries, you must escape the special characters. In the examples below, our groups are in an OU called AuthPoint and our domain is example.com.

Example 1: Non-group Query with a Backslash

If your advanced query is not a group query (it does not include "memberOf") and the CN includes a backslash, such as CN=user\1, you must add an extra backslash to the query before the backslash special character.

Example: If the CN of your user is CN=user\1, you must format the CN in your query as CN=user\\1.

Example 2: Group Query with a Backslash

If your advanced query is a group query (it includes "memberOf") and the CN of the group includes a backslash (\), such as CN=group\1, Active Directory adds an extra backslash. In your query, you must add three backslashes (one to match the backslash added by Active Directory and two more to escape the backslashes).

Example: If the CN of your group is CN=group\1, you must format the CN in your query as CN=group\\\\1. In this example, the full advanced query is memberOf=CN=group\\\\1,OU=AuthPoint,DC=example,DC=com.

Example 3: Group Query with a Quotation Mark

If your advanced query is a group query (it includes "memberOf") and the CN of the group includes a quotation mark, such as CN=group"1, you must add two backslashes to escape the quotation mark.

Example: If the CN of your group is CN=group"1, you must format the CN in your query as CN=group\\"1. In this example, the full advanced query is memberOf=CN=group\\"1,OU=AuthPoint,DC=example,DC=com.

Example 4: Group Query with a Different Special Character

If your advanced query is a group query (it includes "memberOf") and the CN of the group includes a special character that is not a backslash or quotation mark ( , # < > ; + = ), you must enclose the group name in straight quotation marks "".

Example: If the CN of your group is CN=group>1, you must format the CN in your query as CN="group>1". In this example, the full advanced query is memberOf=CN="group>1",OU=AuthPoint,DC=example,DC=com.
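The four workaround cases above can be applied mechanically before a value is pasted into an advanced query. The following is an added example, not WatchGuard code: the function names are hypothetical, and it assumes the rules apply to every occurrence of the character in the CN. Combinations the page does not cover are rejected rather than guessed.

```python
# Added example: applies the four escaping rules from the workaround above.
# Function names are hypothetical; this is not WatchGuard code.
OTHER_SPECIALS = set(",#<>;+=")   # specials other than backslash and quote


def authpoint_escape_cn(cn: str, group_query: bool) -> str:
    """Return the CN value as it must be typed in the advanced query."""
    kinds = set()
    if "\\" in cn:
        kinds.add("backslash")
    if '"' in cn:
        kinds.add("quote")
    if OTHER_SPECIALS & set(cn):
        kinds.add("other")

    if not kinds:
        return cn                                   # nothing to escape
    if len(kinds) > 1:
        # The page gives one rule per character class and does not say
        # how they combine, so refuse rather than guess.
        raise ValueError(f"mixed special characters not covered: {sorted(kinds)}")
    kind = kinds.pop()

    if not group_query:
        if kind == "backslash":                     # Example 1: \ -> \\
            return cn.replace("\\", "\\\\")
        raise ValueError("page covers only backslashes for non-group queries")
    if kind == "backslash":                         # Example 2: \ -> \\\\
        return cn.replace("\\", "\\" * 4)
    if kind == "quote":                             # Example 3: " -> \\"
        return cn.replace('"', '\\\\"')
    return f'"{cn}"'                                # Example 4: wrap in quotes


def member_of_query(group_cn: str,
                    container: str = "OU=AuthPoint,DC=example,DC=com") -> str:
    """Build the full group query; the container default is the page's example."""
    return f"memberOf=CN={authpoint_escape_cn(group_cn, True)},{container}"


if __name__ == "__main__":
    # Constructed sample inputs, taken from the page's four examples.
    print("CN=" + authpoint_escape_cn(r"user\1", group_query=False))
    for name in (r"group\1", 'group"1', "group>1"):
        print(member_of_query(name))
```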


Status

Resolved
