TSK-1494: Validate the AccessIds with EqualsFilter instead of WhitespaceWildcardsFilter

rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java

@@ -80,7 +80,7 @@ public class AccessIdController {
 
     taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN);
 
-    if (!validateAccessId(accessId)) {
+    if (!ldapClient.validateAccessId(accessId)) {
       throw new InvalidArgumentException("The accessId is invalid");
     }
 
@@ -93,8 +93,4 @@ public class AccessIdController {
     }
     return response;
   }
-
-  private boolean validateAccessId(String accessId) throws InvalidArgumentException {
-    return ldapClient.searchUsersAndGroups(accessId).size() == 1;
-  }
 }

rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java

@@ -214,6 +214,46 @@ public class LdapClient {
     return accessIds;
   }
 
+  /**
+   * Validates a given AccessId / name.
+   *
+   * @param name lookup string for names or groups
+   * @return whether the given name is valid or not
+   */
+  public boolean validateAccessId(final String name) {
+
+    LOGGER.debug("entry to validateAccessId(name = {})", name);
+
+    isInitOrFail();
+
+    if (nameIsDn(name)) {
+
+      AccessIdRepresentationModel groupByDn = searchAccessIdByDn(name);
+
+      return groupByDn != null;
+
+    } else {
+
+      final AndFilter andFilter = new AndFilter();
+      andFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
+
+      final OrFilter orFilter = new OrFilter();
+      orFilter.or(new EqualsFilter(getUserIdAttribute(), name));
+
+      andFilter.and(orFilter);
+
+      final List<AccessIdRepresentationModel> accessIds =
+          ldapTemplate.search(
+              getUserSearchBase(),
+              andFilter.encode(),
+              SearchControls.SUBTREE_SCOPE,
+              getLookUpUserAttributesToReturn(),
+              new UserContextMapper());
+
+      return !accessIds.isEmpty();
+    }
+  }
+
   public String getUserSearchBase() {
     return LdapSettings.TASKANA_LDAP_USER_SEARCH_BASE.getValueFromEnv(env);
   }

rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java

@@ -157,6 +157,25 @@ class AccessIdControllerIntTest {
                 + "cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
   }
 
+  @Test
+  void should_ValidateAccessIdWithEqualsFilterAndReturnAccessIdsOfGroupsTheAccessIdIsMemberOf() {
+    ResponseEntity<List<AccessIdRepresentationModel>> response =
+        TEMPLATE.exchange(
+            restHelper.toUrl(RestEndpoints.URL_ACCESS_ID_GROUPS) + "?access-id=user-2-1",
+            HttpMethod.GET,
+            restHelper.defaultRequest(),
+            ACCESS_ID_LIST_TYPE);
+
+    assertThat(response.getBody())
+        .isNotNull()
+        .extracting(AccessIdRepresentationModel::getAccessId)
+        .usingElementComparator(String.CASE_INSENSITIVE_ORDER)
+        .containsExactlyInAnyOrder(
+            "cn=ksc-users,cn=groups,ou=Test,O=TASKANA",
+            "cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,"
+                + "cn=organisation,ou=Test,O=TASKANA");
+  }
+
   @Test
   void should_ReturnBadRequest_ifAccessIdOfUserContainsInvalidCharacter() {
     ThrowingCallable call =