ldap: surround user filter expression in parenthesis if not already

In PVE, the `filter` attribute is surrounded in () if it is not already,
allowing "uid=test" as well as "(uid=test)" [1].

A forum user [2] just ran into this inconsistency, so I decided to adjust
the behavior.

[1] https://git.proxmox.com/?p=pve-common.git;a=blob;f=src/PVE/LDAP.pm;h=ff98e367e63265bf76c0f302847c3749eea095a6;hb=HEAD#l115
[2] https://forum.proxmox.com/threads/ldap-query-for-security-group-members.127882/

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>

diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index ea210b3e4cbdb4d26c1585f2142b7ddc2c9c3333..4fa866d880a3e350a2e63d53069413ff38372f3a 100644 (file)
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -351,7 +351,14 @@ impl<'a> Display for FilterElement<'a> {
             FilterElement::Condition(attr, value) => {
                 write!(f, "({attr}={value})")?;
             }
-            FilterElement::Verbatim(verbatim) => write!(f, "{verbatim}")?,
+            FilterElement::Verbatim(verbatim) => {
+
+                if !verbatim.starts_with('(') && !verbatim.ends_with(')') {
+                    write!(f, "({verbatim})")?
+                } else {
+                    write!(f, "{verbatim}")?
+                }
+            },
         }
 
         Ok(())
@@ -371,6 +378,7 @@ mod tests {
         );
 
         assert_eq!("(foo=bar)", &Verbatim("(foo=bar)").to_string());
+        assert_eq!("(foo=bar)", &Verbatim("foo=bar").to_string());
 
         let filter_string = And(vec![
             Condition("givenname", "john"),