-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[1.17.0-rc1] LDAP Group Sync for organization teams issue with escaped characters in LDAP #20181
Comments
most probably related to #9169 ? |
Are you able to tell us how they should be escaped? |
Should this be:
|
Or is it actually:
|
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix go-gitea#20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
It would be helpful if you could check the associated PR to ensure it fixes your issue. |
Sry for my late reply, can you tell me how can I get the associated build amd64 ? I do not have the capability to build gitea in my env. |
The recommendation there was to use \5c; but it involved strings entered via UI, likely that this caused additional escaping requirements.
no
yes, sans \\, it might be \5c, as well I can't build and test from source, is the PR built as docker image? |
Honestly building Gitea is very very simple especially for amd64. I've previously built PRs for people but it's really something that I save for those personally sponsoring me.
Ok so my PR will do the right thing. |
@zeripath just built and tested your PR, it solves the issue for me |
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport go-gitea#20200 The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix go-gitea#20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix go-gitea#20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix go-gitea#20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
Description
in our company AD (LDAP) , members of a group object are described according to their DN in the form:
member=CN=NAME\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp
that is the exact extract from ldapsearch command on linux.
Unfortunately, the escaped coma (",") in the DN is not correctly managed by the synchronization task, all our users are managed that way
This lead to the following error log :
2022/06/30 15:43:12 ...dap/source_search.go:215:listLdapGroupMemberships() [E] [62bda870] Failed group search using filter[(member=CN=NAME\, SURNAME,OU=SITE,OU=Internal,OU=People,DC=my,DC=company,DC=corp)]: LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter: encoding/hex: invalid byte: U+002C ','
Gitea Version
1.17-RC1
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
RHEL 7
How are you running Gitea?
Using package from release tab on github
Database
MySQL
The text was updated successfully, but these errors were encountered: