EscapeFilter the group dn membership (#20200)
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
45f17528a8
commit
6efbe49439
|
@ -199,7 +199,7 @@ func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
|
||||||
// List all group memberships of a user
|
// List all group memberships of a user
|
||||||
func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
|
func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
|
||||||
var ldapGroups []string
|
var ldapGroups []string
|
||||||
groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, uid)
|
groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
|
||||||
result, err := l.Search(ldap.NewSearchRequest(
|
result, err := l.Search(ldap.NewSearchRequest(
|
||||||
source.GroupDN,
|
source.GroupDN,
|
||||||
ldap.ScopeWholeSubtree,
|
ldap.ScopeWholeSubtree,
|
||||||
|
|
Loading…
Reference in a new issue