Thread: Filters not supported for LDAP authentication

Filters not supported for LDAP authentication

From

Bastien Bodart

Date:

02 September 2016, 21:32:52

Hi,

Is there any reason filters are not supported for search+bind LDAP
authentication?
There is no option to pass a filter in search+bind mode and
"ldapsearchattribute" parameter is even checked to prevent filter injection.
"ldapurl" parameter is defined as an RFC 4516 LDAP URL except filters
and extensions are not supported despite being parsed.

Thanks.

Bastien

Re: Filters not supported for LDAP authentication

From

Magnus Hagander

Date:

03 September 2016, 16:07:04

On Wed, Aug 31, 2016 at 2:43 PM, Bastien Bodart <bastien.bodart@esnah.com> wrote:

Hi,

Is there any reason filters are not supported for search+bind LDAP authentication?
There is no option to pass a filter in search+bind mode and "ldapsearchattribute" parameter is even checked to prevent filter injection.
"ldapurl" parameter is defined as an RFC 4516 LDAP URL except filters and extensions are not supported despite being parsed.

AFAIK there is no reason other than that nobody has gotten around to write the code for it. I see no reason why we wouldn't accept a patch for that functionality.

Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/