I am looking at an old block of code in mod_authnz_ldap that seems to have been there since it was imported. We do some escaping of the HTTP basic auth username before copying it into a filter.
for (p = user, q=filtbuf + len;
*p && q < filtbuf_end; *q++ = *p++) {
if (strchr("*()\\", *p) != NULL) {
*q++ = '\\';
if (q >= filtbuf_end) {
break;
}
}
}
But neither http://tools.ietf.org/html/rfc4514 nor
--
Eric Covener
[email protected]
