ldap: surround user filter expression in parenthesis if not already

In PVE, the `filter` attribute is surrounded in () if it is not already, allowing "uid=test" as well as "(uid=test)" [1]. A forum user [2] just ran into this inconsistency, so I decided to adjust the behavior. [1] https://git.proxmox.com/?p=pve-common.git;a=blob;f=src/PVE/LDAP.pm;h=ff98e367e63265bf76c0f302847c3749eea095a6;hb=HEAD#l115 [2] https://forum.proxmox.com/threads/ldap-query-for-security-group-members.127882/ Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
2025-06-13 04:46:04 +00:00 · 2023-06-23 10:16:37 +02:00 · 2023-06-23 10:16:37 +02:00 · 378e2380b7
commit 378e2380b7
parent 84edb20eb8
1 changed files with 9 additions and 1 deletions
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@ -351,7 +351,14 @@ impl<'a> Display for FilterElement<'a> {
            FilterElement::Condition(attr, value) => {
                write!(f, "({attr}={value})")?;
            }
-            FilterElement::Verbatim(verbatim) => write!(f, "{verbatim}")?,
+            FilterElement::Verbatim(verbatim) => {
+
+                if !verbatim.starts_with('(') && !verbatim.ends_with(')') {
+                    write!(f, "({verbatim})")?
+                } else {
+                    write!(f, "{verbatim}")?
+                }
+            },
        }

        Ok(())
@ -371,6 +378,7 @@ mod tests {
        );

        assert_eq!("(foo=bar)", &Verbatim("(foo=bar)").to_string());
+        assert_eq!("(foo=bar)", &Verbatim("foo=bar").to_string());

        let filter_string = And(vec![
            Condition("givenname", "john"),