}

    /**
     * Escapes special characters in an LDAP search filter to prevent LDAP injection attacks.
     *
     * @param filter the LDAP search filter to escape (null is treated as empty string)
     * @return the escaped filter string safe for use in LDAP queries (empty string if filter is null)
     * @see <a href="https://tools.ietf.org/html/rfc4515">RFC 4515 - LDAP String Representation of Search Filters</a>

        Exception innerCause = new IllegalArgumentException("Invalid LDAP parameter");
        RuntimeException middleCause = new RuntimeException("LDAP configuration error", innerCause);
        LdapOperationException exception = new LdapOperationException("LDAP operation failed", middleCause);

        assertEquals("LDAP operation failed", exception.getMessage());
        assertEquals(middleCause, exception.getCause());

        String message = "LDAP error: \"Invalid <config>\" & 'bad chars' @ #$%^&*()";
        LdapConfigurationException exception = new LdapConfigurationException(message);

        assertEquals(message, exception.getMessage());
    }

    @Test
    public void test_unicodeCharactersInMessage() {
        // Test with Unicode characters in message
        String message = "LDAP設定エラー: 接続失敗 🚫 ñ é ü ß";

    public Integer purgeSuggestSearchLogDay;

    /**
     * LDAP server URL for authentication.
     * Used when LDAP authentication is enabled.
     */
    @Size(max = 1000)
    public String ldapProviderUrl;

    /**
     * LDAP security principal for binding to the LDAP server.
     * Used for authenticating with the LDAP server.
     */
    @Size(max = 1000)
    public String ldapSecurityPrincipal;

 */
package org.codelibs.fess.ldap;

/**
 * Utility class for LDAP operations.
 */
public final class LdapUtil {

    private LdapUtil() {
    }

    /**
     * Escapes special characters in a value for use in LDAP search filters.
     * This method escapes characters that have special meaning in LDAP filter expressions
     * to prevent LDAP injection attacks.
     *

 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.auth.chain;

import org.codelibs.fess.ldap.LdapManager;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.opensearch.user.exentity.User;
import org.codelibs.fess.unit.UnitFessTestCase;
import org.codelibs.fess.util.ComponentUtil;

ldap.role.search.role.enabled=true

# LDAP attribute for surname.
ldap.attr.surname=sn
# LDAP attribute for given name.
ldap.attr.givenName=givenName
# LDAP attribute for employee number.
ldap.attr.employeeNumber=employeeNumber
# LDAP attribute for mail.
ldap.attr.mail=mail
# LDAP attribute for telephone number.
ldap.attr.telephoneNumber=telephoneNumber

	// 1. Collect all LDAP users with active creds.
	allCreds := sys.store.GetSTSAndServiceAccounts()
	// List of unique LDAP (parent) user DNs that have active creds
	var parentUserActualDNList []string
	// Map of LDAP user (internal representation) to list of active credential objects
	parentUserToCredsMap := make(map[string][]auth.Credentials)
	// DN to ldap username mapping for each LDAP user

    }

    @Test
    public void test_escapeValue_mixedSpecialChars() {
        // Test LDAP injection attempt: admin*
        assertEquals("admin\\2a", LdapUtil.escapeValue("admin*"));

        // Test LDAP injection attempt: )(cn=*
        assertEquals("\\29\\28cn=\\2a", LdapUtil.escapeValue(")(cn=*"));

        // Test LDAP injection attempt: *)(uid=*))(|(uid=*

├── sso/                       # SSO implementations (oic, saml, spnego, entraid)
├── auth/                      # Authentication management
├── ldap/                      # LDAP integration
├── filter/                    # Servlet filters
├── validation/                # Custom validators
├── dict/                      # Dictionary management