When using a search-based mapping for an authentication DN to a user's DN, certain characters, namely '(' and ')', will cause the mapping to fail. In order for the mapping to succeed, the characters need to be properly escaped so they pass str2filter().
Is there any reason that special characters used in authz-regexp filters should not be escaped when using search-based mappings?
I am testing this with 2.4.21.
When using a search-based mapping for an authentication DN to a user's DN, certain characters, namely '(' and ')', will cause the mapping to fail. In order for the mapping to succeed, the characters need to be properly escaped so they pass str2filter().
Is there any reason that special characters used in authz-regexp filters should not be escaped when using search-based mappings?
I am testing this with 2.4.21.
I guess this circumstance was simply overlooked. It should be improbable, because usually in authz-regexp filters are supposed to contain, or to be related to, userids. I suggest you file an ITS http://www.openldap.org/its/.
p.
openldap-software@openldap.org
-
David Hawes -
masaratiļ¼ aero.polimi.it