Bug #8626: CN in certificate and probably other user names are not properly escaped in LDAP search - pfSense - pfSense bugtracker

Actions

Copy link

Bug #8626

closed

CN in certificate and probably other user names are not properly escaped in LDAP search

Added by Chris Linstruth over 6 years ago. Updated over 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

User Manager / Privileges

Target version:

2.4.4

Start date:

07/09/2018

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.3_1

Affected Architecture:

All

Description

Marking as private due to the nature of this but it does not look like the searches are ever sent to the LDAP server in this case.

User's certificate CNs have this format: CN=Firstname Lastname (keyword)

The parentheses there result in this log entries:

Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: Search resulted in error: Bad search filter
Jul 9 14:28:11 fw01 php-fpm: /diag_authentication.php: ERROR! Either LDAP search failed, or multiple users were found.

The parentheses (and possibly other characters) probably need to be escaped before submitting to LDAP.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #8626

CN in certificate and probably other user names are not properly escaped in LDAP search

Updated by Jim Pingle over 6 years ago

Updated by Jim Pingle over 6 years ago

Updated by Jim Pingle over 6 years ago