[1.17.0-rc1] LDAP Group Sync for organization teams issue with escaped characters in LDAP

[gd197]

Description

in our company AD (LDAP) , members of a group object are described according to their DN in the form:
member=CN=NAME\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp
that is the exact extract from ldapsearch command on linux.
Unfortunately, the escaped coma (",") in the DN is not correctly managed by the synchronization task, all our users are managed that way
This lead to the following error log :
2022/06/30 15:43:12 ...dap/source_search.go:215:listLdapGroupMemberships() [E] [62bda870] Failed group search using filter[(member=CN=NAME\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp)]: LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter: encoding/hex: invalid byte: U+002C ','

Gitea Version

1.17-RC1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

RHEL 7

How are you running Gitea?

Using package from release tab on github

Database

MySQL

[gd197]

most probably related to #9169 ?

[zeripath]

Are you able to tell us how they should be escaped?

[zeripath]

Should this be:

member=CN=NAME\\\, SURNAME\,OU=SITE\,OU=Internal\,OU=People\,DC=my\,DC=company\,DC=corp

[zeripath]

Or is it actually:

member=CN=NAME\\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp

[zeripath]

It would be helpful if you could check the associated PR to ensure it fixes your issue.

[gd197]

Sry for my late reply, can you tell me how can I get the associated build amd64 ? I do not have the capability to build gitea in my env.
Thx for your fast answer
The correct escaping in my case is
member=CN=NAME\\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp

[rmie]

@zeripath: #9169 (comment)

The recommendation there was to use \5c; but it involved strings entered via UI, likely that this caused additional escaping requirements.

Should this be:
member=CN=NAME\\\, SURNAME\,OU=SITE\,OU=Internal\,OU=People\,DC=my\,DC=company\,DC=corp

no

Or is it actually:
member=CN=NAME\\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp

yes, sans \\, it might be \5c, as well

I can't build and test from source, is the PR built as docker image?

[zeripath]

Sry for my late reply, can you tell me how can I get the associated build amd64 ? I do not have the capability to build gitea in my env.

Honestly building Gitea is very very simple especially for amd64. I've previously built PRs for people but it's really something that I save for those personally sponsoring me.

The correct escaping in my case is
member=CN=NAME\\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp

Ok so my PR will do the right thing.

[rmie]

@zeripath just built and tested your PR, it solves the issue for me