You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Tamas Mate (Jira)" <ji...@apache.org> on 2021/12/09 09:38:00 UTC
[jira] [Resolved] (IMPALA-11042) Special characters are not escaped during LDAP search bind authentication
[ https://issues.apache.org/jira/browse/IMPALA-11042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Mate resolved IMPALA-11042.
---------------------------------
Resolution: Fixed
> Special characters are not escaped during LDAP search bind authentication
> -------------------------------------------------------------------------
>
> Key: IMPALA-11042
> URL: https://issues.apache.org/jira/browse/IMPALA-11042
> Project: IMPALA
> Issue Type: Bug
> Components: Security
> Affects Versions: Impala 4.0.0
> Reporter: Tamas Mate
> Assignee: Tamas Mate
> Priority: Major
> Fix For: Impala 4.1.0
>
>
> For search bind authentication during group search {{{{}1{}}}} notation is allowed, it represents the user's distinguished name, which is extracted from the result of the user search. In certain use-cases this can contain special characters, for example this a valid {{dn: cn=Doe\, John,ou=Users2,dc=myorg,dc=com}}. This string is then used to create a group search filter, however from the client end these characters should be escaped properly, without that the following happens:
> {code}
> W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\, John,ou=Users2,dc=myorg,dc=com) : Bad search filter
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)