server: fix handling of present filters

If the filter name was not in the list of attributes to return, it
wouldn't be counted as a valid attribute, meaning that the aliases of
attributes were not recognized.

Fixes #351
This commit is contained in:
Valentin Tolmer 2022-10-26 09:22:34 +02:00 committed by nitnelave
parent 201e3a93eb
commit 234cb70b97
3 changed files with 20 additions and 2 deletions

View File

@ -163,7 +163,7 @@ fn convert_group_filter(
if field == "objectclass" if field == "objectclass"
|| field == "dn" || field == "dn"
|| field == "distinguishedname" || field == "distinguishedname"
|| ALL_GROUP_ATTRIBUTE_KEYS.contains(&field.as_str()) || map_group_field(field).is_some()
{ {
Ok(GroupRequestFilter::And(vec![])) Ok(GroupRequestFilter::And(vec![]))
} else { } else {

View File

@ -167,7 +167,7 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
if field == "objectclass" if field == "objectclass"
|| field == "dn" || field == "dn"
|| field == "distinguishedname" || field == "distinguishedname"
|| ALL_USER_ATTRIBUTE_KEYS.contains(&field.as_str()) || map_user_field(field).is_some()
{ {
Ok(UserRequestFilter::And(vec![])) Ok(UserRequestFilter::And(vec![]))
} else { } else {

View File

@ -2073,4 +2073,22 @@ mod tests {
Err(LdapError{ code: LdapResultCode::InvalidDNSyntax, message: r#"Unexpected DN format. Got "uid=bob,ou=groups,dc=example,dc=com", expected: "uid=id,ou=people,dc=example,dc=com""#.to_string() }) Err(LdapError{ code: LdapResultCode::InvalidDNSyntax, message: r#"Unexpected DN format. Got "uid=bob,ou=groups,dc=example,dc=com", expected: "uid=id,ou=people,dc=example,dc=com""#.to_string() })
); );
} }
#[tokio::test]
async fn test_search_filter_non_attribute() {
let mut mock = MockTestBackendHandler::new();
mock.expect_list_users()
.with(eq(Some(UserRequestFilter::And(vec![]))), eq(false))
.times(1)
.return_once(|_, _| Ok(vec![]));
let mut ldap_handler = setup_bound_admin_handler(mock).await;
let request = make_user_search_request(
LdapFilter::Present("displayname".to_owned()),
vec!["objectClass"],
);
assert_eq!(
ldap_handler.do_search_or_dse(&request).await,
Ok(vec![make_search_success()])
);
}
} }