(ITS#3419) slap_sasl_getdn() does not escape RDN value

Full_Name: Luke Howard
Version: 2.2.19
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

If a SASL mechanism returns a user authentication identity containing a
character that is significant in a distinguished name (e.g. u:DOMAIN\user), then
slap_sasl_getdn() will fail with LDAP_INVALID_SYNTAX.

Rather than constructing the SASL authorization DN by concatenating strings, it
needs to treat the user name as an unescaped RDN value, and call ldap_dn2str()
to convert it into a string.
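
The difference between concatenating the identity and treating it as an unescaped RDN value, as an added example that is not part of the original report or OpenLDAP's code. It uses a hand-written RFC 4514 escaper in place of ldap_dn2str() so that it builds without libldap; the function names, the `uid=<id>,cn=<mech>,cn=auth` layout, and the sample identity and mechanism are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape an attribute value for the RFC 4514 string form of a DN.
 * Returns the escaped length, or -1 if out is too small. */
int rdn_escape(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in), o = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        int esc = strchr("\"+,;<>\\", c) != NULL          /* special anywhere */
               || (i == 0 && (c == ' ' || c == '#'))      /* leading space or '#' */
               || (i == n - 1 && c == ' ');               /* trailing space */
        if (o + (esc ? 2 : 1) >= outsz)                   /* keep room for NUL */
            return -1;
        if (esc)
            out[o++] = '\\';
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical helper: uid=<id>,cn=<mech>,cn=auth with both values escaped. */
int sasl_dn_escaped(const char *id, const char *mech, char *dn, size_t dnsz)
{
    char uid[256], cn[64];
    int len;
    if (rdn_escape(id, uid, sizeof uid) < 0 || rdn_escape(mech, cn, sizeof cn) < 0)
        return -1;
    len = snprintf(dn, dnsz, "uid=%s,cn=%s,cn=auth", uid, cn);
    return (len < 0 || (size_t)len >= dnsz) ? -1 : len;
}

int main(void)
{
    const char *id = "DOMAIN\\user";   /* constructed sample identity */
    char dn[512];
    /* Plain concatenation, as in the report: "\u" is not a valid DN escape. */
    snprintf(dn, sizeof dn, "uid=%s,cn=%s,cn=auth", id, "GSSAPI");
    printf("concatenated: %s\n", dn);
    if (sasl_dn_escaped(id, "GSSAPI", dn, sizeof dn) > 0)
        printf("escaped:      %s\n", dn);
    return 0;
}
```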