[Bug]: No results for LDAP search after whitespace

[da-frank]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

We use an Active Directory to provide users via the LDAP/AD integration.
When trying to share files or calendars entering the user or group name first shows search results. But once you start typing the first character after a space character the search returns nothing. Therefore it is impossible to share to Groups or Users which are cut off by the limit in the beginning when their name only diverges after a space.
The same search problem is observed on the command line using occ ldap:search.

Example:

> occ ldap:search "John"
John Doe
John Wick

> occ ldap:search "John "
John Doe
John Wick

> occ ldap:search "John D"

(No result for the last command).

Steps to reproduce

1. Use Active Directory as User and Group provider
2. Try sharing a file internally to a user or group.
3. Enter the name of user or group.
4. After the first character after a space no search results are shown.

Expected behavior

The search still returns after even after a space character. Both in the CLI and the sharing interface for files and calendars.

Example:

> occ ldap:search "John"
John Doe
John Wick

> occ ldap:search "John "
John Doe
John Wick

> occ ldap:search "John D"
John Doe

Nextcloud Server version

33

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.4

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "serverid": "1",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "33.0.3.2",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "dbdriveroptions": {
            "1009": "\/etc\/ssl\/certs\/ca-certificates.crt",
            "1014": false
        },
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "default_language": "de",
        "default_phone_region": "DE",
        "default_locale": "de_DE",
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 1.5
        },
        "default_timezone": "Europe\/Berlin",
        "logtimezone": "Europe\/Berlin",
        "log_rotate_size": 10485760,
        "loglevel": 2,
        "integrity.check.disabled": false,
        "skeletondirectory": "",
        "auth.bruteforce.protection.enabled": true,
        "filelocking.enabled": "true",
        "knowledgebaseenabled": false,
        "allow_user_to_change_display_name": false,
        "lost_password_link": "***REMOVED SENSITIVE VALUE***",
        "sharing.enable_share_mail": true,
        "upgrade.disable-web": true,
        "simpleSignUpLink.shown": false,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_smtpport": "587",
        "mail_smtpauth": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtptimeout": 10,
        "mail_smtpdebug": false,
        "maintenance_window_start": 1,
        "activity_expire_days": 90,
        "forbidden_filenames": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db",
            ".DS_Store",
            "desktop.ini",
            ".~lock"
        ],
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "enabledPreviewProviders": [
            "OC\\Preview\\BMP",
            "OC\\Preview\\GIF",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\Krita",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MP3",
            "OC\\Preview\\PNG",
            "OC\\Preview\\TXT",
            "OC\\Preview\\XBitmap"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 6.0.0
  - admin_audit: 1.23.0
  - app_api: 33.0.0
  - bookmarks: 16.1.4
  - bruteforcesettings: 6.0.0
  - calendar: 6.4.2
  - circles: 33.0.0
  - cloud_federation_api: 1.17.0
  - collectives: 4.4.0
  - comments: 1.23.0
  - contactsinteraction: 1.14.1
  - dav: 1.36.0
  - deck: 1.17.1
  - drawio: 4.2.3
  - federatedfilesharing: 1.23.0
  - files: 2.5.0
  - files_downloadlimit: 5.1.0
  - files_pdfviewer: 6.0.0
  - files_reminders: 1.6.0
  - files_sharing: 1.25.2
  - files_trashbin: 1.23.0
  - files_versions: 1.26.0
  - groupfolders: 21.0.7
  - impersonate: 4.0.0
  - logreader: 6.0.0
  - lookup_server_connector: 1.21.0
  - notifications: 6.0.0
  - oauth2: 1.21.0
  - onlyoffice: 10.0.0
  - photos: 6.0.0
  - privacy: 5.0.0
  - profile: 1.2.0
  - provisioning_api: 1.23.0
  - quota_warning: 1.23.0
  - recommendations: 6.0.0
  - related_resources: 4.0.0
  - serverinfo: 5.0.0
  - settings: 1.16.0
  - sharebymail: 1.23.0
  - systemtags: 1.23.0
  - tasks: 0.17.1
  - text: 7.0.1
  - theming: 2.8.0
  - twofactor_backupcodes: 1.22.0
  - twofactor_totp: 15.0.0
  - updatenotification: 1.23.0
  - user_ldap: 1.24.0
  - user_usage_report: 4.0.0
  - viewer: 6.0.0
  - webhook_listeners: 1.5.0
  - workflowengine: 2.15.0
Disabled:
  - dashboard: 7.13.0 (installed 7.7.0)
  - encryption: 2.21.0
  - federation: 1.23.0 (installed 1.17.0)
  - files_external: 1.25.1
  - firstrunwizard: 6.0.0 (installed 2.16.0)
  - nextcloud_announcements: 5.0.0 (installed 1.16.0)
  - password_policy: 5.0.0 (installed 1.17.0)
  - support: 5.0.0 (installed 1.10.0)
  - survey_client: 5.0.0 (installed 1.15.0)
  - suspicious_login: 11.0.0
  - testing: 1.23.0
  - twofactor_nextcloud_notification: 7.0.0
  - user_status: 1.13.0 (installed 1.7.0)
  - weather_status: 1.13.0 (installed 1.7.0)

Nextcloud Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
	- INVALID_HASH
		- core/js/mimetypelist.js

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [core/js/mimetypelist.js] => Array
                        (
                            [expected] => cb945c6402e12d9e7d42d0359acf95a6e9a9b0c1f3bd8528f598a7fb1694e5ae34c80cf44ef6c8901eac1bfdd152de3315fc7eac007efee0f33f09ed3e518b6a
                            [current] => 6b290ba45e633706e1fe761ca21422053c113f17b2bb35f2351f2cf1c3b893aa543af6c594077ca213c755cfa0d002e22109bb1797bbadd8fb410ca839143e0e
                        )

                )

        )

)

Nextcloud Logs

Additional info

No response