Feature #1508
closed
auth.backend.ldap.filter: only one/first "$" replaced with Username
Status: Fixed
Priority: Normal
Category: mod_auth
Target version: -
Description
Using 1.4.16 from Backports.org, it's not possible to use a filter like this:
(|
(&(uid=$)(gidNumber=10))
(&(uid=$)(gidNumber=20))
)
since only the first "$" seems to be replaced by the Username passed from the Client. No question this Filter could be written in a different way, so that only one "$" has to be used - but in more complex filters, a second "$" could be helpful.
-- bruno.baketaric
Updated by gstrauss about 8 years ago
- Description updated (diff)
- Status changed from New to Need Feedback
Is there still a desire for this?
Would a better/alternate solution be to have a config option to specify the DN to add to usernames? Or is that desirable independently from allowing multiple replacements in the LDAP filter searching with the username for associated DN?
Updated by gstrauss about 8 years ago
untested:
--- a/src/mod_authn_ldap.c +++ b/src/mod_authn_ldap.c @@ -339,7 +339,15 @@ static handler_t mod_authn_ldap_basic(server *srv, connection *con, void *p_d, c /* build filter */ buffer_copy_buffer(p->ldap_filter, p->conf.ldap_filter_pre); buffer_append_string_buffer(p->ldap_filter, username); - buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post); + for (char *b = p->conf.ldap_filter_post->ptr, *d; *b; b = d+1) { + if (NULL != (d = strchr(b, '$'))) { + buffer_append_string_len(p->ldap_filter, b, (size_t)(d - b)); + buffer_append_string_buffer(p->ldap_filter, username); + } else { + buffer_append_string(p->ldap_filter, b); + break; + } + } /* 2. */
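Review bot: In the new loop, `buffer_append_string_buffer(p->ldap_filter, username);` inserts the client-supplied username verbatim at every `$`, and nothing in this hunk escapes LDAP filter metacharacters (`*`, `(`, `)`, `\`), so escaping or validation needs to be confirmed upstream of this point or added here, now that the value lands in more than one place in the filter. Two smaller points: the loop reads `*b` from `p->conf.ldap_filter_post->ptr` without a NULL check, which matters if that buffer can be empty when the configured filter ends in `$`; and there is no way to write a literal `$` in the filter, which deserves a line in the documentation.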
Updated by gstrauss about 8 years ago
- Status changed from Need Feedback to Fixed
- % Done changed from 0 to 100
Applied in changeset 59c753bf9fdd1241bcaa63ce05bb10a83e6a796e.
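The substitution requested in the report, as an added stand-alone example (not lighttpd's code and not part of the original thread): every `$` in the filter is replaced, and the example goes one step beyond the report by escaping the username per RFC 4515 first. The names `ldap_escape` and `build_ldap_filter`, the 256-byte bound and the sample usernames are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape RFC 4515 filter metacharacters (* ( ) \) as \XX hex pairs.
 * Returns 0 on success, -1 if out (cap bytes) is too small. */
static int ldap_escape(const char *in, char *out, size_t cap) {
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *in; ++in) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= cap) return -1;   /* 3 chars plus the final NUL */
            o += (size_t)snprintf(out + o, cap - o, "\\%02x", (unsigned)c);
        } else {
            if (o + 1 >= cap) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Replace every '$' in tmpl with the escaped username (hypothetical helper).
 * Returns 0 on success, -1 if a buffer is too small. */
int build_ldap_filter(const char *tmpl, const char *username, char *out, size_t cap) {
    char esc[256];  /* assumed upper bound for an escaped username */
    size_t o = 0;
    if (cap == 0 || ldap_escape(username, esc, sizeof esc) != 0) return -1;
    size_t elen = strlen(esc);
    for (const char *b = tmpl; *b; ++b) {
        const char *piece = (*b == '$') ? esc : b;
        size_t n = (*b == '$') ? elen : 1;
        if (o + n >= cap) return -1;       /* keep room for the NUL */
        memcpy(out + o, piece, n);
        o += n;
    }
    out[o] = '\0';
    return 0;
}

int main(void) {
    /* Filter from the report; usernames are constructed sample input. */
    const char *tmpl = "(|(&(uid=$)(gidNumber=10))(&(uid=$)(gidNumber=20)))";
    const char *users[] = { "alice", "x*y(z)" };
    char out[256];
    for (size_t i = 0; i < 2; ++i)
        if (build_ldap_filter(tmpl, users[i], out, sizeof out) == 0) puts(out);
    return 0;
}
```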