LDAP Query Assertion Question

Document ID : KB000116944
Last Modified Date : 04/10/2018
Issue:
Query is not working as expected
Example LDAP query in search filter:

(&(givenName=M*)(hmsstatus=Active)(|(uid=t*)(uid=c*)(uid=p*)(uid=e*))(!(|(employeeType=service)(employeeType=test))))

Result: the LDAP query returns the result.

But if I put the same string into a Context Variable (Data Type is String and the Expression has exactly the same LDAP query string) and reference it in the LDAP Search Filter, such as ${ldapquerystring}
Result: the gateway ssg log shows this error:
 
2018-09-18T22:01:33.212-0500 WARNING 430 com.l7tech.external.assertions.ldapquery.server.ServerLDAPQueryAssertion: 9026: LDAP Query error: Error searching for LDAP entry: invalid attribute description; remaining name 'o=hms'
 
Cause:
The search filter textbox expects context variables to be used only for dynamic values inside the search filter. For example: (&(objectClass=*)(cn=${contextVariable})).
 
By default, the "Protect against LDAP Injection" checkbox is enabled.

This protection escapes special characters such as (, ), * and \ found in the value of each context variable reference. If the complete search filter is supplied through a context variable, its parentheses and wildcards are escaped as well, so "Protect against LDAP Injection" needs to be disabled for that filter to work. Otherwise, enter the search filter in the query assertion itself and use context variables only for the dynamic values that need to be substituted into the filter before querying the LDAP (their special characters will be escaped).
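The effect described above, as an added Python illustration (not the gateway's code): escaping a whole filter held in a variable destroys its structure, while escaping only a value inside a fixed filter keeps the structure intact. It assumes RFC 4515 hex escaping (which also covers NUL, beyond the characters listed above); `escape_filter_value`, `build_filter` and `is_balanced_filter` are hypothetical names and all inputs are constructed.

```python
import re

# Assumption: RFC 4515 escaping, i.e. backslash followed by the two-digit hex code.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one substituted value so it cannot alter the filter's structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, values: dict) -> str:
    """Replace each ${name} reference with its escaped value in a single pass."""
    return re.sub(r"\$\{(\w+)\}",
                  lambda m: escape_filter_value(values[m.group(1)]),
                  template)


def is_balanced_filter(text: str) -> bool:
    """Structural sanity check: one outer (...) group with balanced parentheses."""
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # The outer group may only close on the final character.
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0


# Constructed sample inputs.
FULL_FILTER = "(&(givenName=M*)(hmsstatus=Active))"

# Whole filter in the variable: every ( ) * is escaped, nothing is left to parse.
whole_in_variable = build_filter("${ldapquerystring}",
                                 {"ldapquerystring": FULL_FILTER})

# Filter typed into the assertion, variable used only for the dynamic value.
value_only = build_filter("(&(givenName=${prefix}*)(hmsstatus=Active))",
                          {"prefix": "M"})

# A value containing filter metacharacters stays a literal inside cn=...
value_with_specials = build_filter("(&(objectClass=*)(cn=${contextVariable}))",
                                   {"contextVariable": "x)(uid=*"})

if __name__ == "__main__":
    for f in (whole_in_variable, value_only, value_with_specials):
        print(is_balanced_filter(f), f)
```

With the protection disabled, the variable's content reaches the directory unescaped, so a filter held in a variable should be built from fixed policy text rather than from request data.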

 
 
Resolution:
In the LDAP Query Properties of the LDAP query assertion you have the issue with, uncheck the box "Protect against LDAP injection".
 