Project

General

Profile

Bug #7654

Can't use a LDAP search filter containing an accent

Added by mr xhark about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Squid
Target version:
-
Start date:
06/20/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.3.4
Affected Architecture:
All

Description

Hi,

I use a virtual machine with pfSense 2.3.4 (amd64) with Squid package v0.4.37 (including squid 3.5.26).

I have to bind to an active directory, so in Services > Squid Proxy Server > Authentication I choose :
  • LDAP
  • IP of the DC
  • Port 389
  • LDAP version : 3
  • LDAP Server User DN : CN=pfsensead,CN=Users,DC=corp,DC=lan
  • LDAP Password : ****
  • LDAP Base Domain : DC=corp,DC=lan
  • LDAP Username DN Attribute : sAMAccountName
  • LDAP Search Filter : (&(memberOf=CN=proxy-allow,OU=Service test√©,DC=corp,DC=lan)(sAMAccountName=%s))

With this configuration an active directory user must be member of the group "proxy-allow" to be authenticated by Squid.

The issue is the accent "é" in the OU name.
I tried with no space in OU, it does not work.
I tried with space and no accent : it works.
I tried with no group and LDAP Search filter : "((sAMAccountName=%s)" : it work.

When I click on Save pfSense ignore modification.

I don't know if it's an encoding issue in the web interface or in the config file. And... I know it's a very bad idea to have an accent (or a space) in LDAP path, but I am not at the origin of this.

Regards

Also available in: Atom PDF