Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 2928 by jerem...@gmail.com: When using AD group name filters, group names are not escaped
http://code.google.com/p/reviewboard/issues/detail?id=2928

*** For customer support, please post to reviewbo...@googlegroups.com
*** If you have a patch, please submit it to
http://reviews.reviewboard.org/
***
*** Do not post confidential information in this bug report!

What version are you running?
1.7.6

What's the URL of the page containing the problem?
Internal URL

What steps will reproduce the problem?
1. Have an AD group with a character that requires escaping (e.g. 'C# Users')
2. Add a user to that AD group
3. Try to login as that user when a group filter (on a different AD group, such as my_group) is enabled, and with recursion enabled 4. See an error in the log for: "Active Directory error: failed gettinggroups for user 'username': {'desc': 'Bad search filter'}"

What is the expected output? What do you see instead?
User should be able to login. Instead, they get a login failure.

What operating system are you using? What browser?
RB on Ubuntu 12.04, Chrome on Win7.

Please provide any additional information below.
the get_member_of function in ActiveDirectoryBackend in backends.py should probably call ldap.filter.escape_filter_chars on the group name before passing it into search_ad. There may be other locations where escaping is necessary.

--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to