Virtual attributes source query fails to allow valid search with NULL parameter

  • 7018636
  • 17-Feb-2017
  • 23-Feb-2017


NetIQ Access Manager 4.3
NetIQ Access Manager 4.2


When implementing a virtual attribute source query, which UI configuration utility allows for some custom LDAP searches to be performed against a remote LDAP data source to verify what attributes are returned. This works perfectly (we return requested attributes) when all parameters defined in the LDAP search request have values, but fails without.

In our use case, we want to generate the following LDAP request

(&(objectClass=user)(| (cn=%P1%)(cn=%P2%)))

which works fine when P1 and P2 exist. If P2 does not exist (which is the case for some setups), we fail to return any attribute. A look at the catalina.out for the AC shows exceptions with P2 being null.

From the LDAP RFC, it is allows to generate an LDAP search with a null value ((|(cn=ncashell)(cn=)) so we know the back end allows it. This only applies to the search utility.


Fixed in 4.3.1.
Fix simply removes restrictions from UI when customer is using ldap. .