LDAP Query Assertion Question
search cancel

LDAP Query Assertion Question


Article ID: 116944


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


Query is not working as expected
Example LDAP query in search filter:


Results: LDAP Query can return the result.

But if I put same string into Context Variable. Data Type is String and Expression has exactly same LDAP query string.
Example LDAP Search Filter such as ${ldapquerystring}
Result gateway ssg logs this error:
2018-09-18T22:01:33.212-0500 WARNING 430 com.l7tech.external.assertions.ldapquery.server.ServerLDAPQueryAssertion: 9026: LDAP Query error: Error searching for LDAP entry: invalid attribute description; remaining name 'o=hms'


Component: APIGTW


The search filter textbox expects context variable to be used only for dynamic values in the search filter. For eg. (&(objectClass=*)(cn=${contextVariable})).
By default, "Protect against LDAP Injection" checkbox is enabled to protect against LDAP Injection.

This protection escapes the special characters like (, ), * and \ found in the context variable reference. If the complete search filter is being used as a context variable, then the "Protect against LDAP Injection" needs to be disabled. Otherwise, provide the search filter in the query assertion and use the context variable for any dynamic value that needs to be replaced in the search filter before querying the LDAP (special characters will be escaped).



LDAP Query Properties assertion for the LDAP query you have issue with uncheck the BOX “Protect against LDAP injection”

<Please see attached file for image>

LDAP Query


1558694956179000116944_sktwi1f5rjvs16hxv.png get_app