},
		config.HelpKV{
			Key:         SRVRecordName,
			Description: `DNS SRV record name for LDAP service, if given, must be one of "ldap", "ldaps" or "on"` + defaultHelpPostfix(SRVRecordName),
			Optional:    true,
			Type:        "string",
			Sensitive:   false,
		},
		config.HelpKV{
			Key:         LookupBindDN,
			Description: `DN for LDAP read-only service account used to perform DN and group lookups` + defaultHelpPostfix(LookupBindDN),

        Exception innerCause = new IllegalArgumentException("Invalid LDAP parameter");
        RuntimeException middleCause = new RuntimeException("LDAP configuration error", innerCause);
        LdapOperationException exception = new LdapOperationException("LDAP operation failed", middleCause);

        assertEquals("LDAP operation failed", exception.getMessage());
        assertEquals(middleCause, exception.getCause());

import org.codelibs.fess.util.ComponentUtil;
import org.dbflute.optional.OptionalThing;

/**
 * An LDAP user.
 */
public class LdapUser implements FessUser {

    private static final long serialVersionUID = 1L;

    /** The environment for LDAP connection. */
    protected Hashtable<String, String> env;

    /** The name of the user. */
    protected String name;

        if: matrix.ldap == 'ldaphost:389'
        env:
          _MINIO_LDAP_TEST_SERVER: ${{ matrix.ldap }}
        run: |
          make test-iam-ldap-upgrade-import
      - name: Test LDAP for automatic site replication
        if: matrix.ldap == 'localhost:389'
        run: |
          make test-site-replication-ldap
      - name: Test OIDC for automatic site replication

	exit 1
fi

# Kill MinIO and LDAP to start afresh with missing groups/DN
pkill minio
docker rm -f $(docker ps -aq)
rm -rf /tmp/ldap{1..4}

# Deploy the LDAP config witg missing groups/DN
echo "Copying docs/distributed/samples/bootstrap-partial.ldif => minio-iam-testing/ldap/50-bootstrap.ldif"
cp docs/distributed/samples/bootstrap-partial.ldif minio-iam-testing/ldap/50-bootstrap.ldif || exit 1
cd ./minio-iam-testing

        String message = "LDAP error: \"Invalid <config>\" & 'bad chars' @ #$%^&*()";
        LdapConfigurationException exception = new LdapConfigurationException(message);

        assertEquals(message, exception.getMessage());
    }

    @Test
    public void test_unicodeCharactersInMessage() {
        // Test with Unicode characters in message
        String message = "LDAP設定エラー: 接続失敗 🚫 ñ é ü ß";

    public Integer purgeSuggestSearchLogDay;

    /**
     * LDAP server URL for authentication.
     * Used when LDAP authentication is enabled.
     */
    @Size(max = 1000)
    public String ldapProviderUrl;

    /**
     * LDAP security principal for binding to the LDAP server.
     * Used for authenticating with the LDAP server.
     */
    @Size(max = 1000)
    public String ldapSecurityPrincipal;

 */
package org.codelibs.fess.ldap;

/**
 * Utility class for LDAP operations.
 */
public final class LdapUtil {

    private LdapUtil() {
    }

    /**
     * Escapes special characters in a value for use in LDAP search filters.
     * This method escapes characters that have special meaning in LDAP filter expressions
     * to prevent LDAP injection attacks.
     *

 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.auth.chain;

import org.codelibs.fess.ldap.LdapManager;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.opensearch.user.exentity.User;
import org.codelibs.fess.unit.UnitFessTestCase;
import org.codelibs.fess.util.ComponentUtil;

ldap.role.search.role.enabled=true

# LDAP attribute for surname.
ldap.attr.surname=sn
# LDAP attribute for given name.
ldap.attr.givenName=givenName
# LDAP attribute for employee number.
ldap.attr.employeeNumber=employeeNumber
# LDAP attribute for mail.
ldap.attr.mail=mail
# LDAP attribute for telephone number.
ldap.attr.telephoneNumber=telephoneNumber