Can't use a LDAP search filter containing an accent
I use a virtual machine with pfSense 2.3.4 (amd64) with Squid package v0.4.37 (including squid 3.5.26).I have to bind to an active directory, so in Services > Squid Proxy Server > Authentication I choose :
- IP of the DC
- Port 389
- LDAP version : 3
- LDAP Server User DN : CN=pfsensead,CN=Users,DC=corp,DC=lan
- LDAP Password : ****
- LDAP Base Domain : DC=corp,DC=lan
- LDAP Username DN Attribute : sAMAccountName
- LDAP Search Filter : (&(memberOf=CN=proxy-allow,OU=Service testé,DC=corp,DC=lan)(sAMAccountName=%s))
With this configuration an active directory user must be member of the group "proxy-allow" to be authenticated by Squid.
The issue is the accent "é" in the OU name.
I tried with no space in OU, it does not work.
I tried with space and no accent : it works.
I tried with no group and LDAP Search filter : "((sAMAccountName=%s)" : it work.
When I click on Save pfSense ignore modification.
I don't know if it's an encoding issue in the web interface or in the config file. And... I know it's a very bad idea to have an accent (or a space) in LDAP path, but I am not at the origin of this.
#6 Updated by Viktor Gurov 10 months ago
- Status changed from Feedback to Resolved
works as expected on 2.5.0.a.20200409.0657:
# grep ldap /usr/local/etc/squid/squid.conf auth_param basic program /usr/local/libexec/squid/basic_ldap_auth -v 3 -b 'DC=corp,DC=lan' -D 'CN=pfsensead,CN=Users,DC=corp,DC=lan' -w '123' -f '(&(memberOf=CN=proxy-allow,OU=Service testé,DC=corp,DC=lan) (sAMAccountName=%s))' -u 'sAMAccountName' -P -H 'ldap://192.168.1.10:389'