OpenDJ REST is not able to GET resources with special characters in UID(eg: +)

This topic has 7 replies, 4 voices, and was last updated 6 years, 11 months ago by Ian Packer.

  • Author
  • #6083

    When I use OpenDJ REST end point to GET a user, It returns 404 if the user that I’m requesting has + in the uid.

    REST is enabled using http connection handlers.

    Eg : GET /users/[email protected], The response received is

    “reason”: “Not Found”,
    “message”: “No Such Entry: The search base entry ‘uid=abc [email protected],ou=people,dc=company,dc=com’ does not exist”,
    “code”: 404

    But thisuser exists in the OpenDJ LDAP and in apache directory studio, it shows the user and the RDN preview is abc\[email protected]

    Could someone help me on how to successfully retrieve this user using OpenDJ REST end point.


    • This topic was modified 6 years, 11 months ago by ratheeshvnair.
     Ian Packer

    The ‘+’ character in a URL translates to a space. Try URL encoding your input first. i.e

    GET /users/


    Hi Ian,
    Thank you very much for your reply. When I tried with encoded URL, in OpenDJ logs, I see the request being made as

    /users/ I think it encoded % in %2B to %25. Is that happening within OpenDJ? Is there a way to tell OpenDJ not to do the double encoding?


     Ian Packer

    I suspect this is probably your client. I get:

    - user.1 29/Oct/2015:04:28:14 +0000 GET /users/user%2B0/ HTTP/1.1 304 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36 13 2


    I agree with Ian.
    Works on my machine :

    curl --user user.0:password http://localhost:8080/users/john%[email protected]
    {"_id":"[email protected]","_rev":"000000006da97ab5","schemas":["urn:scim:schemas:core:1.0"],"userName":"[email protected]","displayName":"John Doe","name":{"givenName":"John","familyName":"Doe"},"contactInformation":{"emailAddress":"[email protected]"},"meta":{"created":"2015-10-29T21:02:32Z"}}lpm:opendj ludo

    Thanks Ian & Ludo,
    It was indeed my client. Works for me now. Really appreciate your help.

     Mark Craig


    My reading of RFC 3986 is that + only represents a space within a query string. It shouldn’t need to be percent-encoded in the path.

    With a recent build of OpenDJ, I cannot however reproduce the issue:

    $ ldapsearch -p 1389 -b dc=example,dc=com "(uid=abc*)"
    dn: uid=abc\[email protected],ou=People,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    uid: [email protected]
    sn: XYZ
    cn: ABC XYZ

    Enable the HTTP connection handler and try over HTTP:

    $ curl --user bjensen:hifalutin[email protected]
    {"_id":"[email protected]","_rev":"00000000a3354c7e","schemas":["urn:scim:schemas:core:1.0"],"displayName":"ABC XYZ","name":{"familyName":"XYZ"},"contactInformation":{},"meta":{"created":"2015-10-29T21:47:49Z"}}


     Ian Packer
Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?