Wildcards in ldap_filter string

Hi,

I am trying to set up an ldap_filter containing a few wildcards. I am using ejabberd 14.07.
The filter looks like this:

ldap_filter: "(|(employeeType=orgname;part1;*)(employeeType=orgname;part2;*)(employeeType=orgname;part3;*))"

So I want to allow ldap access for everyone whose employeeType is, for example, orgname;part1;sub1 or orgname;part1;sub2 or orgname;part2;sub1 and so on. Whenever I try to log in with this (or a similar) filter in place I get an error message like this:

12:13:14.435 [error] gen_fsm 'eldap_#Ref<0.0.0.11025>' in state active terminated with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_or_components,3,[{file,"src/ELDAPv3.erl"},{line,1661}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831
12:13:14.435 [error] CRASH REPORT Process 'eldap_#Ref<0.0.0.11025>' with 2 neighbours exited with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_or_components,3,[{file,"src/ELDAPv3.erl"},{line,1661}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831 in gen_fsm:terminate/7 line 620
12:13:14.436 [error] Supervisor ejabberd_sup had child 'ejabberd_auth_ldap_xmpp.myexample.de' started with ejabberd_auth_ldap:start_link(<<"xmpp.myexample.de">>) at <0.336.0> exit with reason no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_or_components,3,[{file,"src/ELDAPv3.erl"},{line,1661}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831 in context child_terminated
12:13:14.436 [error] LDAP request failed: eldap:search([[{base,<<"ou=People,o=myexample.de,o=internet">>},{filter,{and,[{equalityMatch,{'AttributeValueAssertion',<<"uid">>,<<"julkip">>}},{or,[{substrings,{'SubstringFilter',<<"employeetype">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]}}},{substrings,{'SubstringFilter',<<"employeetype">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part2;">>}]}}},{substrings,{'SubstringFilter',<<"employeeType">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part3;">>}]}}}]}]}},{deref_aliases,never},{attributes,[<<"uid">>]}]])
Reason: {{{badmatch,{error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_or_components,3,[{file,"src/ELDAPv3.erl"},{line,1661}]},{'ELDAPv3',enc_Filter_or,2,[{file,"src/ELDAPv3.erl"},{line,1654}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1598}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]}]}}}},[{eldap,send_command,3,[{file,"src/eldap.erl"},{line,831}]},{eldap,process_command,3,[{file,"src/eldap.erl"},{line,813}]},{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,503}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]},{gen_fsm,sync_send_event,[<0.337.0>,{search,{eldap_search,wholeSubtree,<<"ou=People,o=myexample.de,o=internet">>,{and,[{equalityMatch,{'AttributeValueAssertion',<<"uid">>,<<"julkip">>}},{or,[{substrings,{'SubstringFilter',<<"employeetype">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part1;">>}]}}},{substrings,{'SubstringFilter',<<"employeetype">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part2;">>}]}}},{substrings,{'SubstringFilter',<<"employeeType">>,{'SubstringFilter_substrings',[{initial,<<"orgname;part3;">>}]}}}]}]},0,[<<"uid">>],false,neverDerefAliases,0}},110500]}}

When I use a filter without any *-chars it is working fine. Is there any way to get this working with the wildcards? Without the wildcards there would be several thousand possible permutations and I cannot possibly write them all down by hand...

Thanks in advance!
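
An added illustration, not part of the original post and not ejabberd or eldap code: a small Python parser showing how each trailing * in the filter above becomes the substrings term with a single initial component that appears in the logged search, plus an evaluator showing which employeeType values such a filter admits. The function names and the case-insensitive comparison are assumptions made for this example; escaped characters and extensible matches are not handled.

```python
import re

# Constructed from the post: its filter ANDed with the uid test, as in the logged search.
LOGIN_FILTER = ("(&(uid=julkip)(|(employeeType=orgname;part1;*)"
                "(employeeType=orgname;part2;*)(employeeType=orgname;part3;*)))")

def parse_filter(s):
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError("trailing data after filter")
    return node

def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        kids, i = [], i + 2
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        node = ({"&": "and", "|": "or", "!": "not"}[op], kids)
    else:
        end = s.find(")", i)
        if end < 0 or "=" not in s[i:end]:
            raise ValueError(f"malformed item at offset {i}")
        attr, value = s[i + 1:end].split("=", 1)
        i, parts = end, value.split("*")
        if len(parts) > 1:  # '*' splits the value into initial / any / final
            subs = [("initial", parts[0])] if parts[0] else []
            subs += [("any", p) for p in parts[1:-1] if p]
            subs += [("final", parts[-1])] if parts[-1] else []
            node = ("substrings", attr, subs)
        else:
            node = ("equalityMatch", attr, value)
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in ("and", "or", "not"):
        hits = [matches(k, entry) for k in node[1]]
        return {"and": all(hits), "or": any(hits), "not": not any(hits)}[node[0]]
    # Assumption: attribute names and values compare case-insensitively.
    values = [v for k, vs in entry.items() if k.lower() == node[1].lower() for v in vs]
    if node[0] == "equalityMatch":
        return node[2].lower() in (v.lower() for v in values)
    rx = "".join(("" if pos == "initial" else ".*") + re.escape(t) for pos, t in node[2])
    rx += "" if node[2] and node[2][-1][0] == "final" else ".*"
    return any(re.fullmatch(rx, v, re.I | re.S) for v in values)
```

With this, matches(parse_filter(LOGIN_FILTER), {"uid": ["julkip"], "employeeType": ["orgname;part1;sub1"]}) is true, while an entry whose employeeType is orgname;part4;sub1, or one with no employeeType at all, is rejected.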
