[Date Prev][Date Next]
(ITS#3419) slap_sasl_getdn() does not escape RDN value
Full_Name: Luke Howard
Submission from: (NULL) (220.127.116.11)
If a SASL mechanism returns a user authentication identity containing a
character that is significant in a distinguished name (eg: u:DOMAIN\user), then
slap_sasl_getdn() will fail with LDAP_INVALID_SYNTAX.
Rather than constructing the SASL authorization DN by concatenating strings, it
needs to treat the user name as an unescaped RDN value, and call ldap_dn2str()
to convert it into a string.