LDAP group handler should escape dollar signs in values when used with regexps


From forums:

eGroupware creates the postalAddress and homePostalAddress attribute compositing the various street, city, zip, etc.. using some dollar signs ($).

Openfire works without a problem, and I and the other users can login and send messages and such. However, when I tried to configure some transports to ICQ and MSN, the transports didn't work and I kept getting in the debug log the following entries:

2008.04.01 21:45:10 LdapVCardProvider: Getting mapped vcard for rob.mau
2008.04.01 21:45:10 Exception while processing packet: java.lang.IllegalArgumentException: Illegal group reference

I'm no java programmer, but I've searched google for "Illegal group reference", and the first entry is this: http://cephas.net/blog/2006/02/09/javalangillegalargumentexception-illegal-group-reference-replaceall-and-dollar-signs/

There the blog's author explains that when using the replaceAll method of the String object, the first argument is considered a regular expression, and any occurrence of $ in the second parameter is taken as a backreference to a parenthesis group inside the regular expression in the first. Too bad this isn't the case, and we get the "Illegal group reference".

I suspected that in the mapping of LDAP attributes to a user vcard there's a String.replaceAll that's used, and that when it tries to replace postalAddress it get confused by the dollar sign before the ZIP code.

As a test, I removed the $ signs in my user record, and I was able to use the transport without a problem

So I'd say that LdapVCardProvider (don't know if it's local to the IM Transport plugin or a system function of Openfire) does not escapes correctly the $ signs it may find in the LDAP records that it tries to map to a vcard for the user logging in the Transport.
For egroupware there's a "best fix" to NOT use "postalAddress" and "homePostalAddress" as "Home street address" and "Business street address" in the user profile vCard definition: this way there are no $ signs in the vcard mapping and no errors.

But this problem could bite for every LDAP field that gets mapped in the user vcard if in some field you have a $ sign followed by a number. The fix should be to escape every dollarsign with a backslash (and this probably has been already done for the core, since it works even with the addresses full of dollarsigns)




Daniel Henninger


Daniel Henninger



Expected Effort


Ignite Forum URL



Fix versions