Handle escaped comma in LDAP DN string

Closes #326
2025-07-20 21:59:42 +02:00 · 2019-10-28 15:03:53 +00:00 · 2019-10-28 15:03:53 +00:00 · 8fa8a3657c
commit 8fa8a3657c
parent a64a219ce8
1 changed files with 41 additions and 2 deletions
--- a/domain/auth/ldap/ldap.go
+++ b/domain/auth/ldap/ldap.go
@ -172,9 +172,9 @@ func executeGroupFilter(c lm.LDAPConfig) (u []lm.LDAPUser, err error) {
 			continue
 		}
 		// Get CN element from DN.
 		for _, entry := range rawMembers {
-			// get CN element from DN
+			parts := splitDN(entry)
 			parts := strings.Split(entry, ",")
 			if len(parts) == 0 {
 				continue
 			}
@ -204,6 +204,45 @@ func executeGroupFilter(c lm.LDAPConfig) (u []lm.LDAPUser, err error) {
 	return
 }
 // splitDN handles splitting of DN string whilst respecting
 // escaped comma characters.
 //
 // DN values can contain escaped commas like in two ways:
 //
 // 		\,
 // 		\\5c,
 //
 // Relevant notes:
 // 		https://docs.oracle.com/cd/E19424-01/820-4811/gdxpo/index.html#6ng8i269q
 // 		https://devblogs.microsoft.com/scripting/how-can-i-work-with-a-cn-that-has-a-comma-in-it/
 //
 // Example:
 //		CN=Surname\, Name,OU=Something,OU=AD-Example,OU=Examaple,DC=example,DC=example,DC=com
 //
 // When we split on comma, here is our logic:
 //
 // 1. We replace any escaped comma values with a special character sequence, in this case !?!
 // 2. We string.split on comma as per usual.
 // 3. We put back the original escaped comma values.
 func splitDN(dn string) []string {
 	var r string
 	r = strings.ReplaceAll(dn, "\\5c,", "!!1!!")
 	r = strings.ReplaceAll(dn, "\\,", "!!2!!")
 	sp := strings.Split(r, ",")
 	for i := range sp {
 		val := sp[i]
 		r2 := strings.ReplaceAll(val, "!!1!!", "\\5c,")
 		r2 = strings.ReplaceAll(val, "!!2!!", "\\,")
 		sp[i] = r2
 	}
 	return sp
 }
 // extractUser build user record from LDAP result attributes.
 func extractUser(c lm.LDAPConfig, e *ld.Entry) (u lm.LDAPUser) {
 	u.Firstname = e.GetAttributeValue(c.AttributeUserFirstname)