kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

LDAP Bad search filter (-7) error when CN has a comma in it (fix included) #224

Open drewferagen opened 4 years ago

drewferagen commented 4 years ago

So I ran into an issue with this auth module. When the user logging in has a CN with a comma, aka CN="Lastname, Firstname", the result returns it escaped like CN="Lastname\, Firstname".

Now when the group filter is created it has a slash in there, but to work it needs a \5c instead, which is the ASCII for \. I modified the source to change that character in the userdn and it started working for me.

I attached my code change. You will probably want to rewrite it; I am not very experienced in C. diff.txt

nskalis commented 4 years ago

Thank you for this. I tried your way, but unfortunately it didn't work for me. Do you mind checking for any diff between my version and yours? Please find it attached. ngx_http_auth_ldap_module.c.zip

drewferagen commented 4 years ago

I checked and that code matches the changes that I had made. I compiled my nginx with debug turned on and set up the error_log to debug.

Before I would get the search error, and now with the changes I made I get this:

2019/10/24 09:24:57 [debug] 3386#0: 58 http_auth_ldap: Search group filter is "(&(cn=ldapgroup)(member=CN=Feragen\5c, Andrew,OU=Users,OU=User Accounts,DC=domain,DC=org))"
2019/10/24 09:24:57 [debug] 3386#0: 58 http_auth_ldap: ldap_search_ext() -> msgid=3

Before, at the group search phase, it would have a \ instead of \5c and fail with a -7 error.

When testing I did an ldapsearch command with that same filter. I suggest turning on debugging to see what filter it was using when it fails, then trying to replicate the search with ldapsearch to see what is broken with it.
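The escaping discussed in this thread, shown as an added example that is not part of the thread, the attached diff.txt, or the module's source: RFC 4515 requires NUL, `(`, `)`, `*` and `\` inside a filter value to be written as a backslash plus two hex digits, so escaping all five both fixes the `\,` case and keeps a DN from altering the filter structure. The function names `filter_escape` and `build_group_filter` and the buffer sizes are hypothetical; the filter shape is taken from the debug line above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape a value for use inside an LDAP search filter (RFC 4515).
 * Returns the escaped length, or -1 if dst is too small. */
static int filter_escape(const char *src, size_t len, char *dst, size_t cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (cap == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '\0' || c == '(' || c == ')' || c == '*' || c == '\\') {
            if (cap - o < 4) return -1;      /* 3 bytes plus terminator */
            dst[o++] = '\\';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            if (cap - o < 2) return -1;      /* 1 byte plus terminator */
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Build "(&(cn=<group>)(member=<user_dn>))" with both values escaped.
 * Hypothetical helper; returns 0 on success, -1 on truncation. */
static int build_group_filter(const char *group_cn, const char *user_dn,
                              char *out, size_t cap)
{
    char g[256], d[1024];
    if (filter_escape(group_cn, strlen(group_cn), g, sizeof g) < 0 ||
        filter_escape(user_dn, strlen(user_dn), d, sizeof d) < 0)
        return -1;
    int n = snprintf(out, cap, "(&(cn=%s)(member=%s))", g, d);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    /* Constructed input: the escaped DN form quoted in the thread. */
    char out[512];
    if (build_group_filter("ldapgroup",
            "CN=Feragen\\, Andrew,OU=Users,OU=User Accounts,DC=domain,DC=org",
            out, sizeof out) == 0)
        puts(out);
    return 0;
}
```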