[BUGFIX] LDAP group retrieval of users with parenthesis in their name (#713)
This aligns the search filter escaping with [RFC4515](https://tools.ietf.org/search/rfc4515). `base.ldif` has also been updated to be a closer match to RFC 2307.
pull/714/head
parent
7145ccc228
commit
eeabb96dd0
|
@ -169,7 +169,7 @@ func (p *LDAPUserProvider) createGroupsFilter(conn LDAPConnection, username stri
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return strings.Replace(p.configuration.GroupsFilter, "{dn}", profile.DN, -1), nil
|
return strings.Replace(p.configuration.GroupsFilter, "{dn}", ldap.EscapeFilter(profile.DN), -1), nil
|
||||||
} else if strings.Contains(p.configuration.GroupsFilter, "{1}") {
|
} else if strings.Contains(p.configuration.GroupsFilter, "{1}") {
|
||||||
profile, err := p.getUserProfile(conn, username)
|
profile, err := p.getUserProfile(conn, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
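Review bot: Only the `{dn}` substitution is visibly escaped here; the `{1}` branch that starts on the next line fetches the same profile, but its `strings.Replace` call lies outside the hunk, as does any earlier branch that substitutes `username` directly. If those still interpolate raw values, a value containing `(`, `)`, `*` or `\` would break or alter the groups filter in the same way, so each substituted value should also go through `ldap.EscapeFilter(...)`. A comment above the chain such as `// Every value substituted into GroupsFilter must be escaped per RFC 4515.` would keep future placeholders consistent. createGroupsFilter begins and ends outside this hunk.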
@ -10,58 +10,63 @@ ou: users
|
||||||
|
|
||||||
dn: cn=dev,ou=groups,dc=example,dc=com
|
dn: cn=dev,ou=groups,dc=example,dc=com
|
||||||
cn: dev
|
cn: dev
|
||||||
member: uid=john,ou=users,dc=example,dc=com
|
member: cn=John Doe (external),ou=users,dc=example,dc=com
|
||||||
member: uid=bob,ou=users,dc=example,dc=com
|
member: cn=Bob Dylan,ou=users,dc=example,dc=com
|
||||||
objectclass: groupOfNames
|
objectclass: groupOfNames
|
||||||
objectclass: top
|
objectclass: top
|
||||||
|
|
||||||
dn: cn=admins,ou=groups,dc=example,dc=com
|
dn: cn=admins,ou=groups,dc=example,dc=com
|
||||||
cn: admins
|
cn: admins
|
||||||
member: uid=john,ou=users,dc=example,dc=com
|
member: cn=John Doe (external),ou=users,dc=example,dc=com
|
||||||
objectclass: groupOfNames
|
objectclass: groupOfNames
|
||||||
objectclass: top
|
objectclass: top
|
||||||
|
|
||||||
dn: uid=john,ou=users,dc=example,dc=com
|
dn: cn=John Doe (external),ou=users,dc=example,dc=com
|
||||||
uid: john
|
cn: John Doe (external)
|
||||||
cn: john
|
givenName: John
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: top
|
objectclass: top
|
||||||
mail: john.doe@authelia.com
|
mail: john.doe@authelia.com
|
||||||
sn: John Doe
|
sn: Doe
|
||||||
|
uid: john
|
||||||
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
||||||
|
|
||||||
dn: uid=harry,ou=users,dc=example,dc=com
|
dn: cn=Harry Potter,ou=users,dc=example,dc=com
|
||||||
uid: harry
|
cn: Harry Potter
|
||||||
cn: harry
|
givenName: Harry
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: top
|
objectclass: top
|
||||||
mail: harry.potter@authelia.com
|
mail: harry.potter@authelia.com
|
||||||
sn: Harry Potter
|
sn: Potter
|
||||||
|
uid: harry
|
||||||
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
||||||
|
|
||||||
dn: uid=bob,ou=users,dc=example,dc=com
|
dn: cn=Bob Dylan,ou=users,dc=example,dc=com
|
||||||
uid: bob
|
cn: Bob Dylan
|
||||||
cn: bob
|
givenName: Bob
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: top
|
objectclass: top
|
||||||
mail: bob.dylan@authelia.com
|
mail: bob.dylan@authelia.com
|
||||||
sn: Bob Dylan
|
sn: Dylan
|
||||||
|
uid: bob
|
||||||
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
||||||
|
|
||||||
dn: uid=james,ou=users,dc=example,dc=com
|
dn: cn=James Dean,ou=users,dc=example,dc=com
|
||||||
uid: james
|
cn: James Dean
|
||||||
cn: james
|
givenName: James
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: top
|
objectclass: top
|
||||||
mail: james.dean@authelia.com
|
mail: james.dean@authelia.com
|
||||||
sn: James Dean
|
sn: Dean
|
||||||
|
uid: james
|
||||||
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
||||||
|
|
||||||
dn: uid=blackhat,ou=users,dc=example,dc=com
|
dn: cn=Billy Blackhat,ou=users,dc=example,dc=com
|
||||||
uid: blackhat
|
cn: Billy Blackhat
|
||||||
cn: blackhat
|
givenName: Billy
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: top
|
objectclass: top
|
||||||
mail: billy.blackhat@authelia.com
|
mail: billy.blackhat@authelia.com
|
||||||
sn: Billy BlackHat
|
sn: BlackHat
|
||||||
|
uid: blackhat
|
||||||
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
userpassword: {CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/
|
||||||
|
|
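Review bot: The updated fixture exercises only parentheses, through `cn=John Doe (external)`, while RFC 4515 also requires escaping `*` and `\` in filter values. A wildcard that reaches the filter unescaped changes what the groups search matches rather than just failing, so it is the case most worth pinning with a test. Consider adding one more user and group membership whose cn contains an asterisk, for example a constructed entry like `cn: Test User *star*`, so a regression in the escaping is caught by the suite.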