[
https://issues.apache.org/jira/browse/IMPALA-11042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17451889#comment-17451889
]
Laszlo Gaal commented on IMPALA-11042:
--------------------------------------
[~tmate], could you perhaps prived an example for the correct escaping (e.g. in
the example case)?
thanks!
> Special characters are not escaped during LDAP search bind authentication
> -------------------------------------------------------------------------
>
> Key: IMPALA-11042
> URL: https://issues.apache.org/jira/browse/IMPALA-11042
> Project: IMPALA
> Issue Type: Bug
> Components: Security
> Affects Versions: Impala 4.0.0
> Reporter: Tamas Mate
> Assignee: Tamas Mate
> Priority: Major
>
> For search bind authentication during group search {{{{}1{}}}} notation is
> allowed, it represents the user's distinguished name, which is extracted from
> the result of the user search. In certain use-cases this can contain special
> characters, for example this a valid {{dn: cn=Doe\,
> John,ou=Users2,dc=myorg,dc=com}}. This string is then used to create a group
> search filter, however from the client end these characters should be escaped
> properly, without that the following happens:
> {code}
> W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base
> DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\,
> John,ou=Users2,dc=myorg,dc=com) : Bad search filter
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
