0
Fixed

DN Creation not escaping LDAP Reserved Characters

Matthew Davis (Technical Product Manager) 8 years ago updated by anonymous 8 years ago 2

Client is reporting an issue with IdB 5.1.0 Rev 2 where DN creation is not escaping LDAP reserved characters, resulting in an exception being thrown on reflection attempt.

Exception message (truncated):

20170224,04:30:52,UNIFY Identity Broker,Adapter,Error,"Request to reflect change entities of the adapter.Request to reflect change entities of the COPP Class adapter (44f6b6c4-005e-420c-9331-21b04e0cbf77) adapter errored with message: Value 2 is not a valid hexadecimal number.Parameter name: sourceValue. Duration: 00:00:01.0537045
Error details:System.ArgumentException: Value 2 is not a valid hexadecimal number.Parameter name: sourceValue
at Unify.Framework.IO.DNComponentAttributeValueParserAdapter.Transform(String sourceValue)
The incoming data looks like this:
1\2 MS
1\2C

In IDB 3.0, the values were being escaped for DN creation:

"UID=COPP:1\\2 MS,DC=class class COPP COPP:1\2 MS"
"UID=COPP:1\\2C,DC=class class COPP COPP:1\2C"

In V3, the DN creation was set up as the following:

<dn>    
    <dnComponent name="Field" attributeType="CN" key="srksNumber"/>
    <dnComponent name="Constant" attributeType="DC" value="student"/>
</dn>

In V5, it is set up as follows:

<dn template="CN=[srksNumber]" />

Few other differences between the V3 and V5 setup for the client; V3 used custom connector while V5 is using OOTB SQL connector. I've attached the adapter configuration for both 3 and 5 to this issue.


AdapterEngine.extensibility.config.xml - v3 config

Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml - v5 config


It's my understanding that the DN is meant to be automatically escaped for creation - is there a configuration step that has been missed in this case?


See Client Ticket for further details / attachments: https://unifysolutions.jira.com/browse/ACTDET-49

Answer

Answer
Fixed

Unify.Framework.IO.LDIF.dll

Patch attached, please confirm whether this fixes the issue.