sadhu suresh created CLOUDSTACK-4018:
----------------------------------------
Summary: LDAP:able to configure ldap with invalid queryfilter and
search base values
Key: CLOUDSTACK-4018
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4018
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: API
Affects Versions: 4.2.0
Reporter: sadhu suresh
Priority: Minor
try to provide invalid values for ldap query filter and search base
after (&(email=%e)) write any string it will accpet like " (&(email=%e))sadhu"
also for searchbase if we enter invalid values its accepting and registering
successfully
http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e)sadhu&port=389&ssl=false&response=json&sessionkey=gNp53otI4v395R8Blh5OI7j59wE%3D
{ "ldapconfigresponse" : { "ldapconfig" :
{"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e)sadhu","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}
} }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
