Project

General

Profile

Bug #8626

CN in certificate and probably other user names are not properly escaped in LDAP search

Added by Chris Linstruth 9 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
User manager
Target version:
Start date:
07/09/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.3_1
Affected Architecture:
All

Description

Marking as private due to the nature of this but it does not look like the searches are ever sent to the LDAP server in this case.

User's certificate CNs have this format: CN=Firstname Lastname (keyword)

The parentheses there result in this log entries:

Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: Search resulted in error: Bad search filter
Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: ERROR! Either LDAP search failed, or multiple users were found.

The parentheses (and possibly other characters) probably need to be escaped before submitting to LDAP.

Associated revisions

Revision f0b0a03b (diff)
Added by Jim Pingle 8 months ago

Escape LDAP username when searching. Fixes #8626

History

#1 Updated by Jim Pingle 8 months ago

  • Assignee set to Jim Pingle
  • Target version set to 2.4.4
  • Private changed from Yes to No
  • Affected Architecture set to All

#2 Updated by Jim Pingle 8 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 8 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF