vt-ldap: escape attribute value characters per rfc2254 in the SearchDnResolver

mdarifmustafa / vt-middleware

Automatically exported from code.google.com/p/vt-middleware

0 stars 0 forks source link

vt-ldap: escape attribute value characters per rfc2254 in the SearchDnResolver #93

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

The SearchDnResolver currently allows:
*, (, ), \, NUL as part of the attribute value match.

Provide an option in SearchDnResolver to escape these characters.

Specifically this will disallow wildcard searches from user input.

Original issue reported on code.google.com by dfis...@gmail.com on 28 Sep 2010 at 8:08

GoogleCodeExporter commented 8 years ago

This bug only impacts the use of 'userField', which constructs the LDAP filter 
for the user.
Using 'userFilter' will avoid this bug.

Original comment by dfis...@gmail.com on 29 Sep 2010 at 3:49

GoogleCodeExporter commented 8 years ago

Rather than appending the user in the filter, append '{0}' and take advantage 
of the user string which is already set as a filter argument.
Fixed in r1634.

Original comment by dfis...@gmail.com on 29 Sep 2010 at 8:04

Changed state: Fixed