EKantyshev Frequent Contributor.
Frequent Contributor.
246 views

IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Hi All,

During Dynamic Group creation from iManager I create several queries. When I create a query with the following filter: (&(objectClass=Person)(title=Сотрудник приемной председателя)) and press "Apply" button, I get several users in the Query Results field. Looks OK so far.

But when I save the group (by pressing OK button) and then edit it again I see that the "title" attribute in my filter is empty: (&(objectClass=Person)(title=))

Why does this happen?

Labels (1)
Tags (2)
0 Likes
6 Replies
dbuschke Super Contributor.
Super Contributor.

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Hi,
I can reproduce this in iManager 3.1.4. Are we sure that dynamic query is able to store Unicode characters? Should, but can it?

BTW: German umlautz are working.

regards
Daniel

0 Likes
EKantyshev Frequent Contributor.
Frequent Contributor.

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Hi Daniel,

I have another query within the same dynamic group:
(&(title=Помощник судьи)(objectClass=Person))

And it works fine - nothing disappears after saving. According to this, I assume that a dynamic query is able to store Unicode.

Best regards,
Eugene
0 Likes
Knowledge Partner
Knowledge Partner

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

You should be able to store these values in a query. I am pretty confident that eDirectory supports this also. They do however need to be escaped.
One must to convert to UTF-8 hex pairs and then escape each hex pair with a backslash.
If iManager is not handling this conversion properly, then I'd raise a service request to get a build that works properly.

Try to create a dummy filter via iManager, then edit the value directly in a LDAP browser (Apache DS for example) paste in this, for example.

(&(title=\D0\A1\D0\BE\D1\82\D1\80\D1\83\D0\B4\D0\BD\D0\B8\D0\BA\20\D0\BF\D1\80\D0\B8\D0\B5\D0\BC\D0\BD\D0\BE\D0\B9\20\D0\BF\D1\80\D0\B5\D0\B4\D1\81\D0\B5\D0\B4\D0\B0\D1\82\D0\B5\D0\BB\D1\8F)(objectClass=Person))

Note that the MemberQueryURL has a bunch of stuff appended before and after the LDAP filter part, don't replace the entire value, just the dummy query.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
EKantyshev Frequent Contributor.
Frequent Contributor.

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Hi Alex,

I see that the working query (&(title=Помощник судьи)(objectClass=Person)) looks like this in LDAP browser

ldap:///OU=users,O=data??sub?(&(objectClass=Person)(title=%5cd0%5c9f%5cd0%5cbe%5cd0%5cbc%5cd0%5cbe%5cd1%5c89%5cd0%5cbd%5cd0%5cb8%5cd0%5cba%20%5cd1%5c81%5cd1%5c83%5cd0%5cb4%5cd1%5c8c%5cd0%5cb8))

So, I assume the '\' symbol must be presented as %5c.

I took your query and replaced '\' to %5c: ldap:///OU=users,O=data??sub?(&(title=%5cd0%5ca1%5cd0%5cbe%5cd1%5c82%5cd1%5c80%5cd1%5c83%5cd0%5cb4%5cd0%5cbd%5cd0%5cb8%5cd0%5cba%5c20%5cd0%5cbf%5cd1%5c80%5cd0%5cb8%5cd0%5cb5%5cd0%5cbc%5cd0%5cbd%5cd0%5cbe%5cd0%5cb9%5c20%5cd0%5cbf%5cd1%5c80%5cd0%5cb5%5cd0%5cb4%5cd1%5c81%5cd0%5cb5%5cd0%5cb4%5cd0%5cb0%5cd1%5c82%5cd0%5cb5%5cd0%5cbb%5cd1%5c8f)(objectClass=Person))

But when I try to paste this into the memberQueryURL attribute by using LDAP browser I encounter the following scenarios:

#1.

- Create a dummy query. It looks like this: ldap:///OU=users,O=data??sub?(&(objectClass=*))

- (by using Hex Editor - Edit as Text widget in Apache DS) paste the following query: 

ldap:///OU=users,O=data??sub?(&(title=%5cd0%5ca1%5cd0%5cbe%5cd1%5c82%5cd1%5c80%5cd1%5c83%5cd0%5cb4%5cd0%5cbd%5cd0%5cb8%5cd0%5cba%5c20%5cd0%5cbf%5cd1%5c80%5cd0%5cb8%5cd0%5cb5%5cd0%5cbc%5cd0%5cbd%5cd0%5cbe%5cd0%5cb9%5c20%5cd0%5cbf%5cd1%5c80%5cd0%5cb5%5cd0%5cb4%5cd1%5c81%5cd0%5cb5%5cd0%5cb4%5cd0%5cb0%5cd1%5c82%5cd0%5cb5%5cd0%5cbb%5cd1%5c8f)(objectClass=Person))

- I can successfully save this query. But after saving the title value disappears again. I get: ldap:///OU=users,O=data??sub?(&(objectClass=Person)(title=))

#2.

If I try to correct the query again I can get the following errors:

Error while executing LDIF
- [LDAP: error code 16 - NDS error: no such value (-602)]
java.lang.Exception: [LDAP: error code 16 - NDS error: no such value (-602)]
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1374)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1342)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:736)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1269)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1205)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:758)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:515)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:116)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)

[LDAP: error code 16 - NDS error: no such value (-602)]

 

OR 

 

Error while executing LDIF
- [LDAP: error code 21 - NDS error: no additional information available (-306)]
java.lang.Exception: [LDAP: error code 21 - NDS error: no additional information available (-306)]
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1374)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1342)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$4.run(DirectoryApiConnectionWrapper.java:736)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1269)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1205)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.modifyEntry(DirectoryApiConnectionWrapper.java:758)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:515)
at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.executeLdif(ExecuteLdifRunnable.java:157)
at org.apache.directory.studio.ldapbrowser.core.jobs.ExecuteLdifRunnable.run(ExecuteLdifRunnable.java:123)
at org.apache.directory.studio.ldapbrowser.core.jobs.UpdateEntryRunnable.run(UpdateEntryRunnable.java:59)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:116)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)

[LDAP: error code 21 - NDS error: no additional information available (-306)]

 

Regards,

Eugene

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Ok, here is a solution.

I have tested this with relatively recent environment eDir 9.1.4 / IDM 4.7.2 / iManager 3.1.3

Generated the correctly escaped LDAP query by using a simple PowerShell script.

$CyrillicString = 'Помощник судьи'
$dummyFilter = 'ldap:///OU=Users,OU=Data,O=IDV??sub?(&(title={0})(objectClass=Person))'

$EscapedUTF8StrArray = [System.Text.Encoding]::UTF8.GetBytes($CyrillicString)|ForEach-Object { "\{0:X2}" -f $( $_ -as [int16] ) }
Write-Host ($dummyFilter -f (-join $EscapedUTF8StrArray))

Using Apache Directory Studio right click on memberQueryURL and select "edit Value With" and choose "in-place text editor". Then simply paste the line generated by the powershell script in here, hit enter to save.

When I view this dynamic group in iManager, the preview shows the correct Cyrillic text, but when I try and edit it with the leftmost icon "advanced selection criterion" , then I get gibberish.

If I edit with the rightmost button "Edit item", I can edit and the changes are saved correctly.

So.. it at least partly works in iManager 3.1.3 or with above script you can easily generate your own encoded queries.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
EKantyshev Frequent Contributor.
Frequent Contributor.

Re: IDM 4.7. Dynamic Group Filter - some attributes disappear aftrer saving

Hi Alex,

Thanks for your solution. Also, microfocus tech support confirmed that there is some kind of "cosmetic" bug. Even though some values seem to have disappeared from memberQueryUrl, in fact, the query still works as expected (that's what matters). The only inconvenience is that you can't see the query in iManager (and even by using LDAP browser) correctly.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.