Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-4018

LDAP:able to configure ldap with invalid queryfilter and search base values

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 4.2.0
    • None
    • API
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      try to provide invalid values for ldap query filter and search base

      after (&(email=%e)) write any string it will accpet like " (&(email=%e))sadhu"
      also for searchbase if we enter invalid values its accepting and registering successfully

      http://10.147.59.126:8080/client/api?command=ldapConfig&binddn=CN%3Dtest%2CCN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&bindpass=aaaa_1111&hostname=10.147.38.163&searchbase=CN%3DUsers%2CDC%3Dhyd-qa%2CDC%3Dcom&queryfilter=(%26amp%3B(mail%3D%25e)sadhu&port=389&ssl=false&response=json&sessionkey=gNp53otI4v395R8Blh5OI7j59wE%3D

      { "ldapconfigresponse" : { "ldapconfig" :

      {"hostname":"10.147.38.163","port":"389","ssl":"false","searchbase":"CN=Users,DC=hyd-qa,DC=com","queryfilter":"(&(mail=%e)sadhu","binddn":"CN=test,CN=Users,DC=hyd-qa,DC=com"}

      } }

      Attachments

        Activity

          People

            Unassigned Unassigned
            sadhu sadhu suresh
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: