Defect #1890

LDAP Filter can't have spaces

Added by Ryan G about 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:2008-09-11
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Administration
Target version:0.8
Resolution:Fixed Affected version:

Description

ruby-net-ldap doesn't like the ldap filter to contain spaces. The input for LDAP attributes should be check for this and other requirements if necessary. The ldap search function fails silently if there is a space.

Ex. (which happened to me)

I copied and pasted the sAMAccountName attribute into the login field, I didn't notice but I grabbed the space at the end also. I couldn't get LDAP auth to work b/c the filter was set to "sAMAccountName =ryan.gibbons" . Even a simple .trim() fucntion would fix this (not sure if ruby has that), but I think check the input for invalid LDAP filter characters wouldn't be a bad thing.

I am running r1784 from svn.

Associated revisions

Revision 1894
Added by Jean-Philippe Lang about 9 years ago

Strip LDAP attribute names before saving (#1890).

Revision 1898
Added by Nicolas Chuche about 9 years ago

r18645@gaspard (orig r1887): jplang | 2008-09-20 16:07:52 +0200
Fixed: Roadmap crashes when a version has a due date > 2037.
r18646@gaspard (orig r1888): jplang | 2008-09-21 10:54:02 +0200
Fixed: invalid effective date (eg. 99999-01-01) causes an error on version edition screen.
r18647@gaspard (orig r1889): jplang | 2008-09-21 10:54:50 +0200
Fixes VersionTest class.
r18648@gaspard (orig r1890): jplang | 2008-09-21 14:07:44 +0200
Fixed: login filter providing incorrect back_url for Redmine installed in sub-directory (#1900).
r18649@gaspard (orig r1891): winterheart | 2008-09-21 14:31:34 +0200
de.yml from #1745, thank to Sven Schuchmann and Thomas Löber for contribution
r18650@gaspard (orig r1892): winterheart | 2008-09-21 14:32:16 +0200
#1928, update for Italian language
r18651@gaspard (orig r1893): jplang | 2008-09-21 14:45:22 +0200
Unescape back_url param before calling redirect_to.
r18652@gaspard (orig r1894): jplang | 2008-09-21 15:28:12 +0200
Strip LDAP attribute names before saving (#1890).
r18653@gaspard (orig r1895): jplang | 2008-09-21 20:45:30 +0200
Switch order of current and previous revisions in side-by-side diff (#1903).
r18654@gaspard (orig r1896): jplang | 2008-09-21 22:38:36 +0200
Typo in migration 97 name (#1929).
r18655@gaspard (orig r1897): winterheart | 2008-09-22 16:49:18 +0200
#1921, pt translation

History

#1 Updated by Jean-Philippe Lang about 9 years ago

  • Status changed from New to Resolved
  • Target version set to 0.8
  • Resolution set to Fixed

Attribute names are now stripped (r1894).

I think check the input for invalid LDAP filter characters wouldn't be a bad thing

I agree but I'm not sure what characters should be allowed. Maybe /^[a-zA-Z0-9\-]+$/ ?

#2 Updated by Jean-Philippe Lang almost 9 years ago

  • Category set to Administration
  • Status changed from Resolved to Closed

Fill a request for LDAP attribute validation if needed.

Also available in: Atom PDF