This repository has been archived by the owner on Jul 24, 2023. It is now read-only.

Odd-looking queries #807

Open
rudischenck opened this issue Jun 7, 2022 · 0 comments

  • Adldap2 Version: 10.4
  • LDAP Type: OpenLDAP
  • PHP Version: 7.4

Description:

We're using the library for directory integrations, the most popular being Jumpcloud. Got a ticket from a client who looked at Jumpcloud LDAP logs and saw some strange-looking queries generated by the library.

Hello,

In our tenant we have LDAP configured and we can see the LDAP queries you are sending to our LDAP server, and I think there is an issue.

On 03.03. you were sending around 960 requests with the following LDAP filter:

(&(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectCla
ss=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectC
lass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objec
tClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=)(objectClass=))

The same happened on 21.04. with around 9619 requests.

The LDAP base I was looking at was "uid=[redacted],ou=Users,o=[redacted],dc=jumpcloud,dc=com"

but the same also happened for "uid=[redacted],ou=Users,o=[redacted],dc=jumpcloud,dc=com" and many others.

I think you are sending way too many requests (around 962,186 on 21.04.).
Can you please look into your LDAP integration and fix this bug? Thank you

Steps To Reproduce:

Here's the code snippet that grabs a group or OU's users. $this->integration_id will be the DN of the group or OU.

try {
    // Look up the group or OU by the DN stored in integration_id.
    $group = $this->conn->search()->findByDn($this->integration_id);

    if ($group instanceof \Adldap\Models\Group) {
        // Group: let the library resolve the members.
        $members = $group->getMembers();
    } else {
        // OU: paginated user search scoped to the entry's DN.
        $members = $this->conn->search()->users()->setDn($group->getDn())->paginate()->getResults();
    }

    // Keep only user entries.
    $users = [];
    foreach ($members as $member) {
        if ($member instanceof \Adldap\Models\User) {
            $users[] = self::formatUser($member);
        }
    }

    $response->success = true;
    $response->entries = $users;
} catch (\Adldap\Auth\BindException $e) {
    $response->error = $e->getMessage();
}
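
A log-side check for the filter shape quoted in the ticket above, as an added example that is not part of the original issue or of Adldap2: it parses RFC 4515 filter strings, counts repeated clauses and clauses with an empty assertion value, and groups flagged requests by signature. The sample filters, the 40-clause repetition and the `max_clauses` threshold are constructed assumptions.

```python
from collections import Counter

def leaf_clauses(flt):
    """Return the innermost items of an RFC 4515 filter, e.g. 'objectClass='.

    Literal parentheses inside values are escaped as \\28 and \\29, so every
    '(' or ')' seen here is structural.
    """
    leaves, depth, start = [], 0, None
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
            start = i + 1          # a deeper '(' restarts the candidate leaf
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced filter")
            if start is not None:  # no '(' since start: this is a leaf
                leaves.append(flt[start:i])
                start = None
    if depth != 0:
        raise ValueError("unbalanced filter")
    return [leaf for leaf in leaves if "=" in leaf]

def audit_filter(flt, max_clauses=32):
    """Summarise one filter; max_clauses is an assumed local threshold."""
    counts = Counter(leaf_clauses(flt))
    total = sum(counts.values())
    empty = sum(n for leaf, n in counts.items() if leaf.split("=", 1)[1] == "")
    dupes = total - len(counts)
    return {"clauses": total, "empty_values": empty, "duplicates": dupes,
            "suspicious": bool(empty or dupes or total > max_clauses)}

def flag_requests(filters):
    """Count suspicious requests per (repeated clause, repetitions) signature."""
    hits = Counter()
    for flt in filters:
        if audit_filter(flt)["suspicious"]:
            leaf, n = Counter(leaf_clauses(flt)).most_common(1)[0]
            hits[(leaf, n)] += 1
    return hits

# Constructed sample: 40 repetitions is arbitrary, not the count from the ticket.
DEGENERATE = "(&" + "(objectClass=)" * 40 + ")"
SAMPLE_LOG = ["(&(objectClass=inetOrgPerson)(uid=jdoe))"] + [DEGENERATE] * 3

if __name__ == "__main__":
    print(audit_filter(DEGENERATE))
    print(flag_requests(SAMPLE_LOG))
```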