Backport #20200 The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
76ba23a14f
commit
42be548ecc
1 changed files with 1 additions and 1 deletions
|
@ -199,7 +199,7 @@ func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
|
||||||
// List all group memberships of a user
|
// List all group memberships of a user
|
||||||
func (ls *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
|
func (ls *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
|
||||||
var ldapGroups []string
|
var ldapGroups []string
|
||||||
groupFilter := fmt.Sprintf("(%s=%s)", ls.GroupMemberUID, uid)
|
groupFilter := fmt.Sprintf("(%s=%s)", ls.GroupMemberUID, ldap.EscapeFilter(uid))
|
||||||
result, err := l.Search(ldap.NewSearchRequest(
|
result, err := l.Search(ldap.NewSearchRequest(
|
||||||
ls.GroupDN,
|
ls.GroupDN,
|
||||||
ldap.ScopeWholeSubtree,
|
ldap.ScopeWholeSubtree,
|
||||||
|
|
Reference in a new issue