Project

General

Profile

Actions

Feature #1508

closed

auth.backend.ldap.filter: only one/first "$" replaced with Username

Added by Anonymous over 13 years ago. Updated almost 5 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

Using 1.4.16 from Backports.org, it's not possible to use a filter like this:

(|

(&(uid=$)(gidNumber=10))
(&(uid=$)(gidNumber=20))

)

since only the first "$" seems to be replaced by the Username passed from the Client. No question this Filter could be written in a different way, so that only one "$" has to be used - but in more complex filters, a second "$" could be helpful.

-- bruno.baketaric

Actions #1

Updated by gstrauss about 5 years ago

  • Assignee deleted (jan)
Actions #2

Updated by gstrauss about 5 years ago

  • Target version deleted (1.5.0)
Actions #3

Updated by gstrauss almost 5 years ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still a desire for this?

Would a better/alternate solution to be to have a config option to specify the DN to add to usernames? Or is that desirable independently from allowing multiple replacements in the LDAP filter searching with the username for associated DN?

Actions #4

Updated by gstrauss almost 5 years ago

untested:

--- a/src/mod_authn_ldap.c
+++ b/src/mod_authn_ldap.c
@@ -339,7 +339,15 @@ static handler_t mod_authn_ldap_basic(server *srv, connection *con, void *p_d, c
     /* build filter */
     buffer_copy_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
     buffer_append_string_buffer(p->ldap_filter, username);
-    buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post);
+    for (char *b = p->conf.ldap_filter_post->ptr, *d; *b; b = d+1) {
+        if (NULL != (d = strchr(b, '$'))) {
+            buffer_append_string_len(p->ldap_filter, b, (size_t)(d - b));
+            buffer_append_string_buffer(p->ldap_filter, username);
+        } else {
+            buffer_append_string(p->ldap_filter, b);
+            break;
+        }
+    }

     /* 2. */
Actions #5

Updated by gstrauss almost 5 years ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
Actions

Also available in: Atom