You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@impala.apache.org by "Tamas Mate (Jira)" <ji...@apache.org> on 2021/12/09 09:38:00 UTC

[jira] [Resolved] (IMPALA-11042) Special characters are not escaped during LDAP search bind authentication

     [ https://issues.apache.org/jira/browse/IMPALA-11042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tamas Mate resolved IMPALA-11042.
---------------------------------
    Resolution: Fixed

> Special characters are not escaped during LDAP search bind authentication
> -------------------------------------------------------------------------
>
>                 Key: IMPALA-11042
>                 URL: https://issues.apache.org/jira/browse/IMPALA-11042
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: Impala 4.0.0
>            Reporter: Tamas Mate
>            Assignee: Tamas Mate
>            Priority: Major
>             Fix For: Impala 4.1.0
>
>
> For search bind authentication during group search {{{{}1{}}}} notation is allowed, it represents the user's distinguished name, which is extracted from the result of the user search. In certain use-cases this can contain special characters, for example this a valid {{dn: cn=Doe\, John,ou=Users2,dc=myorg,dc=com}}. This string is then used to create a group search filter, however from the client end these characters should be escaped properly, without that the following happens:
> {code}
> W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\, John,ou=Users2,dc=myorg,dc=com) : Bad search filter
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)