[pbs-devel] [PATCH proxmox-backup] ldap: surround user filter expression in parenthesis if not already

Lukas Wagner l.wagner at proxmox.com
Wed May 24 10:41:19 CEST 2023


In PVE, the `filter` attribute is surrounded in () if it is not already,
allowing "uid=test" as well as "(uid=test)" [1].

A forum user [2] just ran into this incosistency, so I decieded to adjust
the behavior.

[1] https://git.proxmox.com/?p=pve-common.git;a=blob;f=src/PVE/LDAP.pm;h=ff98e367e63265bf76c0f302847c3749eea095a6;hb=HEAD#l115
[2] https://forum.proxmox.com/threads/ldap-query-for-security-group-members.127882/

Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
---
 proxmox-ldap/src/lib.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index ea210b3e..4fa866d8 100644
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -351,7 +351,14 @@ impl<'a> Display for FilterElement<'a> {
             FilterElement::Condition(attr, value) => {
                 write!(f, "({attr}={value})")?;
             }
-            FilterElement::Verbatim(verbatim) => write!(f, "{verbatim}")?,
+            FilterElement::Verbatim(verbatim) => {
+
+                if !verbatim.starts_with('(') && !verbatim.ends_with(')') {
+                    write!(f, "({verbatim})")?
+                } else {
+                    write!(f, "{verbatim}")?
+                }
+            },
         }
 
         Ok(())
@@ -371,6 +378,7 @@ mod tests {
         );
 
         assert_eq!("(foo=bar)", &Verbatim("(foo=bar)").to_string());
+        assert_eq!("(foo=bar)", &Verbatim("foo=bar").to_string());
 
         let filter_string = And(vec![
             Condition("givenname", "john"),
-- 
2.30.2






More information about the pbs-devel mailing list