toddyo / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Apostrophe/Single Quote in LDAP Search Filter #697

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Configure forgotten password to match users based on their email address.
2.Enter an email address with an apostrophe in it e.g 
Sean.O'Brien@somedomain.com
3.Submit the query.

I would expect the LDAP search to run against the server and return the DN of 
the matching user to perform password reset however the error returned 
indicates no matches were found.

LDAP tracing on the server shows that for email addresses without apostrophes 
the query runs and returns a result, but for email addresses with apostrophes 
the query is never submitted to the server.

This was tested on PWM 1.7 and eDirectory 8.8.8 for LDAP tracing.

Original issue reported on code.google.com by alt.ken....@gmail.com on 14 Jul 2015 at 11:22