Discussion:
authz-regexp and invalid filters
David Hawes
2010-04-27 20:00:01 UTC
Permalink
When using a search-based mapping for an authentication DN to a user's
DN, certain characters, namely '(' and ')', will cause the mapping to
fail. In order for the mapping to succeed, the characters need to be
properly escaped so they pass str2filter().

Is there any reason that special characters used in authz-regexp filters
should not be escaped when using search-based mappings?

I am testing this with 2.4.21.
m***@aero.polimi.it
2010-04-28 14:37:51 UTC
Permalink
Post by David Hawes
When using a search-based mapping for an authentication DN to a user's
DN, certain characters, namely '(' and ')', will cause the mapping to
fail. In order for the mapping to succeed, the characters need to be
properly escaped so they pass str2filter().
Is there any reason that special characters used in authz-regexp filters
should not be escaped when using search-based mappings?
I am testing this with 2.4.21.
I guess this circumstance was simply overlooked. It should be improbable,
because usually in authz-regexp filters are supposed to contain, or to be
related to, userids. I suggest you file an ITS
<http://www.openldap.org/its/>.

p.

Loading...