You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rafael Weingärtner (JIRA)" <ji...@apache.org> on 2017/03/03 15:23:46 UTC
[jira] [Closed] (CLOUDSTACK-4018) LDAP:able to configure ldap with
invalid queryfilter and search base values
[ https://issues.apache.org/jira/browse/CLOUDSTACK-4018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rafael Weingärtner closed CLOUDSTACK-4018.
------------------------------------------
Resolution: Fixed
> LDAP:able to configure ldap with invalid queryfilter and search base values
> ---------------------------------------------------------------------------
>
> Key: CLOUDSTACK-4018
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4018
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: API
> Affects Versions: 4.2.0
> Reporter: sadhu suresh
> Priority: Minor
>
> try to provide invalid values for ldap query filter and search base
> after (&(email=%e)) write any string it will accpet like " (&(email=%e))sadhu"
> also for searchbase if we enter invalid values its accepting and registering successfully
> http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e)sadhu&port=389&ssl=false&response=json&sessionkey=gNp53otI4v395R8Blh5OI7j59wE%3D
> { "ldapconfigresponse" : { "ldapconfig" : {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e)sadhu","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"} } }
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)