Bug #8626: CN in certificate and probably other user names are not properly escaped in LDAP search - pfSense - pfSense bugtracker

Bug #8626

CN in certificate and probably other user names are not properly escaped in LDAP search

Added by Chris Linstruth over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

User Manager / Privileges

Target version:

2.4.4

Start date:

07/09/2018

Due date:

% Done:

100%

Estimated time:

Affected Version:

2.4.3_1

Affected Architecture:

All

Release Notes:

Default

Description

Marking as private due to the nature of this but it does not look like the searches are ever sent to the LDAP server in this case.

User's certificate CNs have this format: CN=Firstname Lastname (keyword)

The parentheses there result in this log entries:

Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: Search resulted in error: Bad search filter
Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: ERROR! Either LDAP search failed, or multiple users were found.

The parentheses (and possibly other characters) probably need to be escaped before submitting to LDAP.

Associated revisions

Revision f0b0a03b (diff)
Added by Jim Pingle over 2 years ago

Escape LDAP username when searching. Fixes #8626

History

#1 Updated by Jim Pingle over 2 years ago

Assignee set to Jim Pingle
Target version set to 2.4.4
Private changed from Yes to No
Affected Architecture All added
Affected Architecture deleted ()

#2 Updated by Jim Pingle over 2 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset f0b0a03bbdca9311f3f01b8825903425126727bb.

#3 Updated by Jim Pingle over 2 years ago

Status changed from Feedback to Resolved

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries