From e5c982fa61f9f1b289d7454bdb92ee3167ee784d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 31 Mar 2014 12:20:58 -0400
Subject: [PATCH] Merge pull request #164 from jaa127/ldap-bind-escape

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java        |    2 +-
 src/test/java/com/gitblit/tests/LdapAuthenticationTest.java |   13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 892f30b..83f2466 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -299,7 +299,7 @@
 				String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
 				if (!StringUtils.isEmpty(bindPattern)) {
 					try {
-						String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+						String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 						ldapConnection.bind(bindUser, new String(password));
 						
 						alreadyAuthenticated = true;
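Review bot: On the new `bindUser` line the username is substituted into what the accompanying test configures as a distinguished name (`CN=${username},OU=US,...`), yet the helper applied to it is named for search filters, and the two contexts have different special characters. Filter escaping (RFC 4515) covers `*`, `(`, `)`, `\` and NUL, while a DN attribute value (RFC 4514) also needs `,`, `+`, `"`, `<`, `>`, `;`, `=` and a leading `#` or space escaped, so a username containing those could still change which DN is bound. The body of `escapeLDAPSearchFilter` is not visible in this hunk, so this needs confirming. If it is filter-only, a DN-aware helper would fit better, e.g. `String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLdapDnValue(simpleUsername));`, where `escapeLdapDnValue` is a placeholder name for a helper still to be written. The enclosing method starts and ends outside the hunk.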
diff --git a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
index b037754..21063d5 100644
--- a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
+++ b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
@@ -258,6 +258,19 @@
 		assertNull(userThreeModel.getTeam("git_admins"));
 		assertTrue(userThreeModel.canAdmin);
 	}
+	
+	@Test
+	public void testBindWithUser() {
+		settings.put(Keys.realm.ldap.bindpattern, "CN=${username},OU=US,OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
+		settings.put(Keys.realm.ldap.username, "");
+		settings.put(Keys.realm.ldap.password, "");
+
+		UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		
+		UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray());
+		assertNull(userOneModelFailedAuth);
+	}
 
 	private int countLdapUsersInUserManager() {
 		int ldapAccountCount = 0;
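Review bot: `testBindWithUser` authenticates only with the plain name `UserOne`, so the escaping added in `LdapAuthProvider` is never exercised and the test would pass equally without it. A further case whose username contains a DN or filter special character would pin the fix, for example `assertNull(auth.authenticate("User,One", "userOnePassword".toCharArray()));`. That username is a constructed sample, and the expected result should be checked against the test directory's contents. A short comment above the test, such as `// bind-pattern path: anonymous connection settings, user bound via the CN=${username},... pattern`, would also explain why `Keys.realm.ldap.username` and `Keys.realm.ldap.password` are set to empty strings.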

--
Gitblit v1.9.1