[SERVER-31625] The contents of {USER} needs to be escaped when querying for the groups using LDAP server
Created: 18/Oct/17 Updated: 30/Oct/23 Resolved: 05/Dec/17
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.4.9 |
| Fix Version/s: | 3.4.11, 3.6.2, 3.7.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andrey Brindeyev | Assignee: | Andrey Brindeyev |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v3.6, v3.4 |
| Sprint: | Platforms 2017-11-13, Platforms 2017-12-04 |
| Participants: | |
| Case: | (copied to CRM) |
| Description |
|
When LDAP authentication and authorization are enabled in the Server, the contents of the {USER} value in the security.ldap.authz.queryTemplate configuration option need to be escaped in accordance with RFC 4515. Please see the example below:
mongod.log:
Corresponding ldapsearch reproduction (please disregard bash-related escaping of the single quote character):
Correct search filter syntax (please disregard bash-related escaping of the single quote character):
|
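The escaping the description asks for, as an added example that is not part of the ticket or of MongoDB's code: the value substituted for {USER} is escaped per RFC 4515 before it enters the search filter, and a small parser shows that the unescaped form is not a valid filter while the escaped form round-trips. The filter template, the DN and all function names are constructed for illustration.

```python
import re

# Constructed sample: the filter part of a queryTemplate (not taken from the ticket).
TEMPLATE_FILTER = "(member={USER})"

# RFC 4515: NUL, '(', ')', '*' and '\' inside an assertion value are written as \XX.
MUST_ESCAPE = "\x00()*\\"

# One simple equality filter whose value holds no raw special character.
SIMPLE_FILTER = re.compile(
    r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()*\\\x00]|\\[0-9a-fA-F]{2})*)\)"
)


def escape_filter_value(value):
    """Escape a string for use as an RFC 4515 assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in MUST_ESCAPE else ch for ch in value
    )


def render_filter(template, user, escape=True):
    """Substitute {USER}; escape=False reproduces the unescaped behaviour."""
    return template.replace("{USER}", escape_filter_value(user) if escape else user)


def parse_simple_filter(text):
    """Return (attribute, decoded value), or None if text is not a valid simple filter."""
    match = SIMPLE_FILTER.fullmatch(text)
    if match is None:
        return None
    decoded = re.sub(
        r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), match.group(2)
    )
    return match.group(1), decoded


if __name__ == "__main__":
    # Constructed DN: the backslash and parentheses are ordinary data here.
    user = "cn=Smith\\, John (Ops),ou=Users,dc=example,dc=com"
    for escape in (False, True):
        rendered = render_filter(TEMPLATE_FILTER, user, escape)
        print(escape, rendered, parse_simple_filter(rendered))
```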
| Comments |
| Comment by Githook User [ 04/Jan/18 ] |
|
Author: {'name': 'Andrey Brindeyev', 'email': 'andrey.brindeyev@mongodb.com'} Message: Closes #32 (cherry picked from commit bd0e263e5813659193bfc53a92a908f64d3344d5) |
| Comment by Githook User [ 04/Jan/18 ] |
|
Author: {'name': 'Andrey Brindeyev', 'email': 'andrey.brindeyev@mongodb.com'} Message: Closes #32 (cherry picked from commit bd0e263e5813659193bfc53a92a908f64d3344d5) |
| Comment by Githook User [ 05/Dec/17 ] |
|
Author: {'email': 'andrey.brindeyev@mongodb.com', 'name': 'Andrey Brindeyev'} Message: Closes #32 |