LDAP Config and ampersand (&)

Jeremy Nofs 6 years ago

I'm trying to get LDAP (Active Directory) logins to work correctly, but I believe the XML is not parsing correctly in the traccar.xml due to the ampersand in the search filter. I have also tried changing the ampersand to &amp;amp; but that did not work, either.

Trying to use a similar filter as in the given example for the ldap.searchFilter and ldap.adminFilter entries in the traccar.xml file.

(&(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

and changed to this:

(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,OU=Security,DC=domain,DC=local)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

Jeremy Nofs 6 years ago

Here is the sanitized configuration file that is not allowing Traccar to start up completely/correctly. Service says running, but webapp is not. If I remove the LDAP config section, it works, but I really need to enable logins via LDAP. The password is different here, but has those same two special characters, if anyone thinks that is an issue. Also, it exhibits the same behavior if I escape the ampersand in the searchFilter, or not.

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>

<properties>

    <entry key='config.default'>./conf/default.xml</entry>

    <entry key='database.driver'>com.microsoft.sqlserver.jdbc.SQLServerDriver</entry>
    <entry key='database.url'>jdbc:sqlserver://ENGTRACCAR\TRACCAR;user=traccar;password=c!dsfsdf#dsf;databaseName=traccar</entry>
    <entry key='database.user'>traccar</entry>
    <entry key='database.password'>c!dsfsdf#dsf</entry>

    <entry key='ldap.enable'>true</entry>

    <entry key='ldap.server'>ff.fffff.edu</entry>
    <entry key='ldap.port'>389</entry>
    <entry key='ldap.base'>ou=_Delegated,DC=fff,DC=fff,DC=fff</entry>
    <entry key='ldap.idAttribute'>sAMAccountName</entry>
    <entry key='ldap.nameAttribute'>cn</entry>
    <entry key='ldap.mailAttribute'>userPrincipalName</entry>
    <entry key='ldap.searchFilter'>(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=ENG_ROLE_APP_traccar users,OU=ENG Custom,OU=ENG Groups,OU=Groups,OU=SG_DTS,OU=_Delegated,DC=ff,DC=fffff,DC=edu)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
    <entry key='ldap.adminFilter'>(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=ENG_ROLE_APP_traccar admins,OU=ENG Custom,OU=ENG Groups,OU=Groups,OU=SG_DTS,OU=_Delegated,DC=ff,DC=fffff,DC=edu)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
    <entry key='ldap.user'>cn=eng_srv_traccar,dc=ff,dc=fffff,dc=edu</entry>
    <entry key='ldap.password'>c!dsfsdf#dsf</entry>
    <entry key='ldap.force'>true</entry>

</properties>

Jeremy Nofs 6 years ago

I was actually mistaken, and it was a different error when I changed it to escape the ampersand. I think it was attempting to log in to the database with an ldap user with a sAMAccountName of traccar. I left the user and password in the database.url entry and removed the database.user and database.password entries.

Also, in my case, anyway, I needed to just use the sAMAccountName for ldap.user, and not the DistinguishedName.
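
An added example, not part of the thread or of Traccar's code: a small Python check for the escaping question discussed above. It shows that a bare & in an entry makes the XML not well-formed, that &amp;amp; decodes back to the & the LDAP filter needs, and that escaping twice leaves a literal &amp;amp; in the filter. The group DN is a placeholder, and Python's XML parser stands in for the Java loader on the assumption that both apply the same well-formedness rule.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed filter modelled on the one in the thread; the group DN is a placeholder.
RAW_FILTER = (
    "(&(sAMAccountName=:login)"
    "(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar users,OU=Traccar,DC=example,DC=local)"
    "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
)

# Minimal properties-style document (XML declaration and DOCTYPE left out for brevity).
TEMPLATE = "<properties>\n    <entry key='ldap.searchFilter'>{}</entry>\n</properties>"


def parens_balanced(ldap_filter):
    """Literal parentheses are structural in an LDAP filter, so they must pair up."""
    depth = 0
    for ch in ldap_filter:
        depth += ch == "("
        depth -= ch == ")"
        if depth < 0:
            return False
    return depth == 0


def check(xml_text, key="ldap.searchFilter"):
    """Return the decoded filter value, or a message describing what is wrong."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return f"XML not well-formed: {exc}"
    entries = {e.get("key"): (e.text or "") for e in root.iter("entry")}
    value = entries.get(key, "")
    if "&amp;" in value:
        return "filter was escaped twice: it still contains a literal &amp;"
    if not value.startswith("(") or not parens_balanced(value):
        return "filter is empty or has unbalanced parentheses"
    return value


unescaped = TEMPLATE.format(RAW_FILTER)                      # bare '&' in the XML
escaped = TEMPLATE.format(escape(RAW_FILTER))                # '&' written as '&amp;'
double_escaped = TEMPLATE.format(escape(escape(RAW_FILTER)))  # '&amp;amp;' in the XML

if __name__ == "__main__":
    for name, doc in (("unescaped", unescaped), ("escaped", escaped),
                      ("double-escaped", double_escaped)):
        print(f"{name}: {check(doc)}")
```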