FORTH-ICS-INSPIRE / artemis-web

The web frontend of the ARTEMIS software project (https://github.com/FORTH-ICS-INSPIRE/artemis).
BSD 3-Clause "New" or "Revised" License

Cannot login via ldap - dn not escaped before insertion to filter #154

Closed tommywo closed 2 years ago

tommywo commented 2 years ago

Describe the bug: We cannot log in to artemis using LDAP - web ui shows 502 error from nginx, frontend service throws error

To Reproduce: Steps to reproduce the behavior:

  1. Configure LDAP
  2. Try to log in with a user that has ( or ) in the DN

Expected behavior: User is logged in


Additional context: Similar issue: https://github.com/ldapjs/node-ldapjs/issues/621
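What the issue title asks for, escaping a DN before it is inserted into an LDAP search filter (RFC 4515), as an added example that is not part of the original issue and is not artemis-web or passport-ldapauth code. The `{{dn}}` template, the function names and the sample DN are constructed for illustration.

```javascript
// RFC 4515 section 3: inside a filter assertion value the characters
// \ * ( ) and NUL must be written as a backslash plus two hex digits.
const FILTER_SPECIALS = /[\\*()\0]/g;

// Escape any string (a DN, a username) for use as a filter assertion value.
function escapeFilterValue(value) {
  return String(value).replace(FILTER_SPECIALS, (ch) =>
    "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0")
  );
}

// True when the value has no raw special character: every backslash must
// start a two-hex-digit escape, and ( ) * NUL must not appear unescaped.
// Note: a DN that already uses hex escapes (CN=a\2Cb) passes this check
// unescaped, yet the server would decode \2C to ",", so always escape.
function isSafeFilterValue(value) {
  return /^(?:[^\\*()\0]|\\[0-9a-fA-F]{2})*$/.test(value);
}

// Substitute the escaped DN into a filter template.
// The "{{dn}}" placeholder is an assumption made for this example.
function buildGroupFilter(template, dn) {
  return template.split("{{dn}}").join(escapeFilterValue(dn));
}

// Constructed sample: a DN with an RFC 4514 escaped comma and parentheses,
// the kind of entry described in the reproduction steps.
const SAMPLE_DN = "CN=Doe\\, John (Ops),OU=Staff,DC=example,DC=com";
const TEMPLATE = "(member={{dn}})";

// Naive insertion: the raw ( ) and \ land inside the filter string.
const naiveFilter = "(member=" + SAMPLE_DN + ")";
// Escaped insertion: the filter keeps a single, well-formed assertion.
const safeFilter = buildGroupFilter(TEMPLATE, SAMPLE_DN);

console.log("naive:", naiveFilter);
console.log("safe: ", safeFilter);
```

The backslash that the DN uses for its own escaping is itself a filter special character, so it becomes `\5c` along with the parentheses.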

vkotronis commented 2 years ago

@tommywo this seems like an LDAP-specific issue. We can check if we can escape it in the nextjs package we are using, but typically these types of problems are on-premise and hard to replicate. We will check if we should upgrade or downgrade the ldap filter version we are using, but that might affect other users too so needs some checking. @CuriouzK0d3r could you comment here with the current package versions we employ in artemis-web?

@tommywo a temp fix is to use a DN with legal characters, not sure what is allowed according to the standard.

CuriouzK0d3r commented 2 years ago

Hello! We are using passport-ldapauth: ^3.0.1 alongside passport: ^0.5.0 :)