(Seems like I have character encoding issues of my own.) The characters that AD allows but CS doesn’t are the greater than (>) and less than (<) characters. Hope the previous message wasn’t too garbled for decipherment…
-I

On 12/10/14, 2:37 PM, "Ian Forde" <ifo...@marketo.com> wrote:

>Following up on this…
>
>It's via the UI. We're using LDAP authentication with Active Directory as
>the backend, where AD allows '<' and '>' but Cloudstack apparently
>doesn't. We've disabled connection security on LDAP and used tcpdump to
>verify that CS is mistakenly encoding those characters before sending them
>off to AD. Could this be an unintended artifact of the XSS defensive code
>(maybe CLOUDSTACK-2936)? Right now we're looking at telling folks to
>change their passwords if they've got either of those characters in their
>password. And if there are other characters that get encoded, we don't
>know what they are yet…
>
>Help?
>
>
>On 12/10/14, 2:31 PM, "Yiping Zhang" <yzh...@marketo.com> wrote:
>
>>
>>
>>On 11/3/14, 4:22 PM, "Demetrius Tsitrelis"
>><demetrius.tsitre...@citrix.com> wrote:
>>
>>>Is that a password which is being used by the API directly or via the
>>>UI?
>>> I think the UI has a text sanitization function which tries to HTML
>>>encode the "<" and ">" characters as a first-line cross-site scripting
>>>defense.
>>>
>>>-----Original Message-----
>>>From: Yiping Zhang [mailto:yzh...@marketo.com]
>>>Sent: Monday, November 03, 2014 2:14 PM
>>>To: users@cloudstack.apache.org
>>>Subject: cloudstack user password requirements
>>>
>>>Hi,
>>>
>>>By chance, we found out that CS user password can not contain "<" or ">"
>>>characters, what other characters are illegal in user's password
>>>string?
>>>We are not able to find any documents on the subject.
>>>
>>>Thanks
>>>
>>>Yiping
>>
>
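
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not CloudStack's code: an input-side HTML-encoding filter applied to every form field changes the password before it reaches the directory. All function names, the `OPAQUE_FIELDS` set and the sample form are hypothetical, and the filter is assumed to encode only "<" and ">".

```javascript
// Added illustration, not CloudStack code. All names here are hypothetical.

// Input-side XSS filter that HTML-encodes "<" and ">", the two characters
// named in the thread.
function sanitizeHtml(value) {
  return value.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// "Before": every form field is sanitized before it is sent on, so the
// password that reaches the directory is not the one the user typed.
function buildLoginRequestSanitizeAll(form) {
  const out = {};
  for (const [name, value] of Object.entries(form)) {
    out[name] = sanitizeHtml(value);
  }
  return out;
}

// "After": secrets are opaque and never rendered as HTML, so they pass
// through unchanged; other fields are still filtered.
const OPAQUE_FIELDS = new Set(["password"]);
function buildLoginRequest(form) {
  const out = {};
  for (const [name, value] of Object.entries(form)) {
    out[name] = OPAQUE_FIELDS.has(name) ? value : sanitizeHtml(value);
  }
  return out;
}

// Stand-in for the LDAP bind: the directory compares the exact string.
function directoryBind(storedPassword, presentedPassword) {
  return storedPassword === presentedPassword;
}

// Lists the distinct characters of a password that a filter would rewrite,
// a way to enumerate any other characters that get encoded.
function alteredCharacters(password, filter = sanitizeHtml) {
  return [...new Set([...password].filter((ch) => filter(ch) !== ch))];
}

// Constructed sample input.
const SAMPLE_FORM = { username: "alice", password: "Tr<ee>42" };
const sent = buildLoginRequestSanitizeAll(SAMPLE_FORM).password;
console.log(sent, directoryBind(SAMPLE_FORM.password, sent));
console.log(directoryBind(SAMPLE_FORM.password, buildLoginRequest(SAMPLE_FORM).password));
console.log(alteredCharacters(SAMPLE_FORM.password));
```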