wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

plugin seems to ignore spaces in `searchFilter` #29

Closed maniel closed 1 year ago

maniel commented 1 year ago

Tried this filter: `(&(memberOf=CN=Administratorzy domeny,CN=Users,DC=wupb,DC=lokalna)(objectClass=user)(sAMAccountName={{.Username}}))`. It fails and I see this in the logs:

```
DEBUG: ldapAuth: 2022/12/01 12:15:30 restricted.go:51: Running in Search Mode
DEBUG: ldapAuth: 2022/12/01 12:15:30 restricted.go:51: Performing User BindDN Search
DEBUG: ldapAuth: 2022/12/01 12:15:30 restricted.go:51: Search Filter: '(&(memberOf=CN=Administratorzydomeny,CN=Users,DC=wupb,DC=lokalna)(sAMAccountName=myusername))'
```

Using quotation marks around the group name doesn't seem to solve the problem. As far as I know, spaces in group names are common in Active Directory.

wiltonsr commented 1 year ago

Hello, @maniel. Thanks for your interest in ldapAuth.

This problem comes from here: https://github.com/wiltonsr/ldapAuth/blob/0f224f694dc1e2f2d151bfe1f52541d4fdc76213/ldapauth.go#L442

This ReplaceAll is applied to prevent breaks in go/template substitutions.

You are right, LDAP must support spaces.

I'll work on this soon.
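The behaviour discussed in this thread, as an added example that is not ldapAuth's code or its eventual fix: stripping every space corrupts DN values in the filter, while `text/template` parses `{{ .Username }}` with or without inner spaces, so the filter can be parsed unchanged. The sketch goes one step beyond the report by also escaping the substituted username per RFC 4515; `stripAllSpaces`, `escapeFilterValue` and `renderFilter` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Filter from the report above; the spaces inside the action are a constructed
// variation to show that text/template accepts both forms.
const sampleFilter = "(&(memberOf=CN=Administratorzy domeny,CN=Users,DC=wupb,DC=lokalna)" +
	"(objectClass=user)(sAMAccountName={{ .Username }}))"

// stripAllSpaces reproduces the reported behaviour: spaces inside DN values are lost.
func stripAllSpaces(filter string) string {
	return strings.ReplaceAll(filter, " ", "")
}

// escapeFilterValue escapes the bytes RFC 4515 reserves in assertion values.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// renderFilter (hypothetical helper) parses the filter unchanged, so literal
// spaces survive, and substitutes an escaped username.
func renderFilter(filter, username string) (string, error) {
	tmpl, err := template.New("filter").Option("missingkey=error").Parse(filter)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	data := map[string]string{"Username": escapeFilterValue(username)}
	if err := tmpl.Execute(&out, data); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	fmt.Println("stripped:", stripAllSpaces(sampleFilter))
	got, err := renderFilter(sampleFilter, "myusername")
	fmt.Println("rendered:", got, err)
}
```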