PDA

View Full Version : Filter Error


pc1oad1etter
04-24-2008, 05:54 PM
I've looked at the two other "filter error" threads and didn't find a solution there for what I have.

I am able to log in through LDAP, but when I try to add a group via LDAP, I get an "Filter Error".

My settings
userquery UID=$1
groupqueryall (objectClass=posixGroup)
hostname 127.0.0.1:MYPORT
searchbase OU=people,DC=MYDOMAIN,DC=org
groupquery (&(objectClass=posixGroup)(uid=$1))
bindingdn UID=$1,OU=people,DC=MYDOMAIN,DC=org

I have tried removing the amp; encoding when I save that, with the same results.

The dekiwiki.log entry
2008-04-24 13:32:47,315 [58784656] ERROR MindTouch.Dream.DreamFeatureChain - handler for GET:local://MYUSERNAME:xxx@dd4996186c42d39036ff7edd1c0c58/deki/services/default/24/groups/developers failed (MindTouch.Deki.Services.LdapAuthenticationService !GetGroupInfo)()
LdapLocalException: (87) Filter Error

LDAP Access log
[24/Apr/2008:13:32:46 -0400] conn=28 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
[24/Apr/2008:13:32:46 -0400] conn=28 op=0 BIND dn="UID=MYUSER,OU=people,DC=MYDOMAIN,DC=org" method=128 version=3
[24/Apr/2008:13:32:46 -0400] conn=28 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=MYUSER,ou=people,dc=MYDOMAIN,dc=org"
[24/Apr/2008:13:32:46 -0400] conn=28 op=1 UNBIND
[24/Apr/2008:13:32:46 -0400] conn=28 op=1 fd=65 closed - U1

Results of API calls through browser
http://wiki.MYDOMAIN.org/@api/deki/services/default/24/users/MYUSER
returns
<user name="MYUSER">
<ldap-dn>uid=MYUSERou=people,dc=MYDOMAINdc=org</ldap-dn>
<date.created>0001-01-01T05:00:00Z</date.created>
<firstname>MYNAME1</firstname>
<lastname>MYNAME2</lastname>
<phonenumber>MYPHONE</phonenumber>
<email>MYEMAIL</email>
<description/>
</user>

http://wiki.MYDOMAIN.org/@api/deki/services/default/24/groups/

<groups>

<group name="clients">
<ldap-dn>cn=clients,ou=people,dc=MYDOMAIN,dc=org</ldap-dn>
<date.created>0001-01-01T05:00:00Z</date.created>
</group>

<group name="developers">
<ldap-dn>cn=developers,ou=people,dc=MYDOMAIN,dc=org</ldap-dn>
<date.created>0001-01-01T05:00:00Z</date.created>
</group>
−...
</groups>

If I can provide any more info, let me know. I look forward to getting this fully functional!
MaxM
04-29-2008, 12:58 AM
So this error happens when querying for a given group?

Can you give me the text output from
http://hostname/@api/deki/services/default/24/groups/developers

Also, check your wiki's db service-config table for any &amp and replace it with &. I'm back now so I'm sure I'll run into you in irc :)
pc1oad1etter
05-01-2008, 06:44 PM
result of developers query is a filter error:
http://pastebin.mozilla.org/419475
if i edit the database directly to get read of the & encoding, and then run the developers query, i get a filter error:
http://pastebin.mozilla.org/419476

currently these are my settings:
searchbase DC=MYDOMAIN,DC=org
groupquery (&(cn=$1)(objectClass=groupOfUniqueNames))
bindingdn UID=$1,OU=people,DC=MYDOMAIN,DC=org
userquery UID=$1

To summarize my current state:
...@api/deki/services/default/24/users returns a 404
...@api/deki/services/default/24/users/USERNAME works
...@api/deki/services/default/24/groups works properly
...@api/deki/services/default/24/groups/GROUPNAME gives filter error

when i use "((&cn=Developers)(objectClass=groupOfUniqueNames))"
as the filter in the LDAP admin tool I use, it works.