Posted to issues@impala.apache.org by "Tamas Mate (Jira)" <ji...@apache.org> on 2021/12/01 14:38:00 UTC

[jira] [Created] (IMPALA-11042) Special characters are not escaped during LDAP search bind authentication

Tamas Mate created IMPALA-11042:
-----------------------------------

             Summary: Special characters are not escaped during LDAP search bind authentication
                 Key: IMPALA-11042
                 URL: https://issues.apache.org/jira/browse/IMPALA-11042
             Project: IMPALA
          Issue Type: Bug
          Components: Security
    Affects Versions: Impala 4.0.0
            Reporter: Tamas Mate
            Assignee: Tamas Mate


For search bind authentication, the {{{1}}} notation is allowed during group search; it represents the user's distinguished name, which is extracted from the result of the user search. In certain use cases this can contain special characters; for example, this is a valid {{dn: cn=Doe\, John,ou=Users2,dc=myorg,dc=com}}. This string is then used to create a group search filter; however, from the client end these characters should be escaped properly. Without that, the following happens:
{code}
W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\, John,ou=Users2,dc=myorg,dc=com) : Bad search filter
{code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
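
Added example, not part of the original report and not Impala's code: RFC 4515 requires a backslash inside a filter value to be followed by two hex digits, so the DN's "\," makes the filter invalid, and escaping the DN before substitution avoids that. The function names and the filter template "(uniqueMember={1})" are assumptions made for illustration; the DN is the one quoted in the report.

```cpp
#include <cstdio>
#include <string>

// RFC 4515 section 3: inside a filter assertion value, NUL, '(', ')', '*'
// and '\' must be written as a backslash followed by two hex digits.
// Hypothetical helper, not a function from ldap-util.cc.
std::string EscapeFilterValue(const std::string& value) {
  static const char kHex[] = "0123456789abcdef";
  std::string out;
  out.reserve(value.size());
  for (unsigned char c : value) {
    if (c == '\0' || c == '(' || c == ')' || c == '*' || c == '\\') {
      out += '\\';
      out += kHex[c >> 4];
      out += kHex[c & 0x0f];
    } else {
      out += static_cast<char>(c);
    }
  }
  return out;
}

// Substitutes every occurrence of `placeholder` (non-empty) in the filter
// template with the escaped user DN. Hypothetical helper.
std::string BuildGroupFilter(const std::string& tmpl,
                             const std::string& placeholder,
                             const std::string& user_dn) {
  const std::string escaped = EscapeFilterValue(user_dn);
  std::string out;
  std::string::size_type pos = 0;
  for (;;) {
    const std::string::size_type hit = tmpl.find(placeholder, pos);
    if (hit == std::string::npos) {
      out.append(tmpl, pos, std::string::npos);  // copy the remaining tail
      return out;
    }
    out.append(tmpl, pos, hit - pos);
    out += escaped;
    pos = hit + placeholder.size();
  }
}

int main() {
  // DN taken from the report; the template is an assumed configuration value.
  const std::string dn = "cn=Doe\\, John,ou=Users2,dc=myorg,dc=com";
  std::printf("%s\n", BuildGroupFilter("(uniqueMember={1})", "{1}", dn).c_str());
  return 0;
}
```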