saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

LDAP auth: Escape filter value for group membership search

Browse source 
The result from a user search need to be escaped when put to the group membership search. Otherwise the search will result with:

[ERROR   ] Exception thrown while retrieving group membership in AD: {'desc': 'Bad search filter'}
This commit is contained in:
Michal Galet 2015-05-07 22:35:40 +02:00
parent ea55c44bbb
commit 33038b9f86
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
salt/auth/ldap.py
View file

@ -269,8 +269,9 @@ def groups(username, **kwargs):
log.error('Could not get distinguished name for user {0}'.format(username))
return group_list
# LDAP results are always tuples. First entry in the tuple is the DN
dn = user_dn_results[0][0]
dn = ldap.filter.escape_filter_chars(user_dn_results[0][0])
ldap_search_string = '(&(member={0})(objectClass={1}))'.format(dn, _config('groupclass'))
log.debug('Running LDAP group membership search: {0}'.format(ldap_search_string))
try:
search_results = bind.search_s(_config('basedn'),
ldap.SCOPE_SUBTREE,