[IMPALA-11042] Special characters are not escaped during LDAP search bind authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: Impala 4.0.0
Fix Version/s: Impala 4.1.0
Component/s: Security
Labels:
None

Epic Color:
ghx-label-6

Description

For search bind authentication during group search {1} notation is allowed, it represents the user's distinguished name, which is extracted from the result of the user search. In certain use-cases this can contain special characters, for example this a valid dn: cn=Doe\, John,ou=Users2,dc=myorg,dc=com. This string is then used to create a group search filter, however from the client end these characters should be escaped properly, without that the following happens:

W1201 15:27:45.801143 32013 ldap-util.cc:196] LDAP search failed with base DN=ou=Groups,dc=myorg,dc=com and filter=(uniqueMember=cn=Doe\, John,ou=Users2,dc=myorg,dc=com) : Bad search filter

Attachments

Activity

People

Assignee:: Tamas Mate

Reporter:: Tamas Mate

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 01/Dec/21 14:37

Updated:: 09/Dec/21 09:37

Resolved:: 09/Dec/21 09:37