When trying to use a deny (!) in the condition of an LDAP filter, the system returns an invalid filter message

fabaoocara · December 15, 2022, 3:48pm

Infos:

Used Zammad version: 5.3.0
Used Zammad installation type: package
Operating system: Oracle Linux Server 8.6
Browser + version: Chrome + 103

Expected behavior:

When creating the ldap filter it should be accepted, the filter is correct

Filter example:

(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(samaccountname=*))

This filter will fetch all accounts that are active on AD!

Actual behavior:

When inserting the filter and moving forward, an error message is displayed stating that the filter is invalid, I did several tests and this behavior only occurs when the filter sentence contains the character “!” which would be a correct expression

Clicking on Continue

Steps to reproduce the behavior:

Insert an ldap filter that contains the character “!” exclamation

fabaoocara · December 15, 2022, 4:14pm

Researching other forums, I found that to use negation it is necessary to add a parenthesis to place the negation, getting the correct filter like this:

Wrong filter:

(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(samaccountname=*))

Correct Filter:

(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(objectClass=user)(samaccountname=*)(employeeID>=1))

I hope I helped other people!

system · April 14, 2023, 4:15pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.