Feature #1508

auth.backend.ldap.filter: only one/first "$" replaced with Username

Added by Anonymous almost 10 years ago. Updated about 1 year ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: mod_auth
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Missing in 1.5.x:

Description

Using 1.4.16 from Backports.org, it's not possible to use a filter like this:

(|
  (&(uid=$)(gidNumber=10))
  (&(uid=$)(gidNumber=20))
)

since only the first "$" seems to be replaced by the Username passed from the Client. No question this Filter could be written in a different way, so that only one "$" has to be used - but in more complex filters, a second "$" could be helpful.

-- bruno.baketaric

Associated revisions

Revision 59c753bf (diff)
Added by gstrauss about 1 year ago

[mod_auth] ldap filter subst user for multiple '$' (fixes #1508)

ldap filter supports substitution of multiple '$', each with username

x-ref:
"auth.backend.ldap.filter: only one/first "$" replaced with Username"
https://redmine.lighttpd.net/issues/1508

History

#1

Updated by gstrauss over 1 year ago

  • Assignee deleted (jan)
#2

Updated by gstrauss over 1 year ago

  • Target version deleted (1.5.0)
#3

Updated by gstrauss about 1 year ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still a desire for this?

Would a better/alternate solution be to have a config option to specify the DN to add to usernames? Or is that desirable independently from allowing multiple replacements in the LDAP filter searching with the username for associated DN?

#4

Updated by gstrauss about 1 year ago

untested:

--- a/src/mod_authn_ldap.c
+++ b/src/mod_authn_ldap.c
@@ -339,7 +339,15 @@ static handler_t mod_authn_ldap_basic(server *srv, connection *con, void *p_d, c
     /* build filter */
     buffer_copy_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
     buffer_append_string_buffer(p->ldap_filter, username);
-    buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post);
+    for (char *b = p->conf.ldap_filter_post->ptr, *d; *b; b = d+1) {
+        if (NULL != (d = strchr(b, '$'))) {
+            buffer_append_string_len(p->ldap_filter, b, (size_t)(d - b));
+            buffer_append_string_buffer(p->ldap_filter, username);
+        } else {
+            buffer_append_string(p->ldap_filter, b);
+            break;
+        }
+    }

     /* 2. */
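
Review bot: on the added buffer_append_string_buffer(p->ldap_filter, username) inside the loop, the username is now copied verbatim into the filter at every '$', and nothing in this hunk shows it being validated or escaped. Please confirm that the earlier part of mod_authn_ldap_basic rejects or escapes the RFC 4515 filter metacharacters ('*', '(', ')' and '\') before this point, or escape the value here. The loop also reads p->conf.ldap_filter_post->ptr directly, where the removed line handed the whole buffer to buffer_append_string_buffer; if ldap_filter_post can be an empty buffer whose ptr is NULL, the `*b` test needs a guard in front of it.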
#5

Updated by gstrauss about 1 year ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
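
The substitution requested in this issue, as an added stand-alone example that is not lighttpd code and not part of the patch above. The function name `ldap_filter_expand`, the caller-supplied output buffer and the RFC 4515 escaping of the username are assumptions of this example; the usernames are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not lighttpd code): expand every '$' in an LDAP filter
 * template with the username, escaping the RFC 4515 special characters
 * '*', '(', ')' and '\' as \XX so the value cannot alter the filter structure.
 * Returns the filter length, or -1 if out is too small. */
int ldap_filter_expand(const char *tmpl, const char *user, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t n = 0;
    for (const char *t = tmpl; *t; ++t) {
        if (*t != '$') {                      /* literal template byte */
            if (n + 1 >= outsz) return -1;
            out[n++] = *t;
            continue;
        }
        for (const unsigned char *u = (const unsigned char *)user; *u; ++u) {
            if (*u == '*' || *u == '(' || *u == ')' || *u == '\\') {
                if (n + 3 >= outsz) return -1;
                out[n++] = '\\';
                out[n++] = hex[*u >> 4];
                out[n++] = hex[*u & 0x0f];
            } else {
                if (n + 1 >= outsz) return -1;
                out[n++] = (char)*u;
            }
        }
    }
    if (n >= outsz) return -1;                /* no room for the terminator */
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Filter from the issue description; usernames are constructed samples. */
    const char *tmpl = "(|(&(uid=$)(gidNumber=10))(&(uid=$)(gidNumber=20)))";
    const char *users[] = { "alice", "a*b" };
    char filter[256];
    for (size_t i = 0; i < sizeof users / sizeof users[0]; ++i)
        if (ldap_filter_expand(tmpl, users[i], filter, sizeof filter) >= 0)
            printf("%s\n", filter);
    return 0;
}
```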
