cpuschma
commented
6 months ago Using unparsed input in ldap filters is dangerous, you need to escape all corresponding characters using ldap.EscapeFilter
Closed djetelina closed 6 months ago
cpuschma
commented
6 months ago Using unparsed input in ldap filters is dangerous, you need to escape all corresponding characters using ldap.EscapeFilter
djetelina
commented
6 months ago Thanks a lot for the reply! My smarter colleague figured as much and opened a PR in the right place. Which means I can close my issue here then :)
Hey, my names sometimes look like
John Doe (EXT). This seems to break compiling, even though brackets should be valid characters. I am not proficient with golang by any stretch, but it seems thatcase '(':in compileFilter might be the cause?I tracked it going from ldap terraform provider to its underlying library, to here. There's not much I can do in code, since I don't interact with the code.