Tamas Mate created IMPALA-11042:
-----------------------------------
Summary: Special characters are not escaped during LDAP search
bind authentication
Key: IMPALA-11042
URL: https://issues.apache.org/jira/browse/IMPALA-11042
Project: IMPALA
Issue Type: Bug
Components: Security
Affects Versions: Impala 4.0.0
Reporter: Tamas Mate
Assignee: Tamas Mate
For search bind authentication during group search {{{{}1{}}}} notation is
allowed, it represents the user's distinguished name, which is extracted from
the result of the user search. In certain use-cases this can contain special
characters, for example this a valid {{dn: cn=Doe\,
John,ou=Users2,dc=myorg,dc=com}}. This string is then used to create a group
search filter, however from the client end these characters should be escaped
properly, without that the following happens:
{code}
W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base
DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\,
John,ou=Users2,dc=myorg,dc=com) : Bad search filter
{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
