SOGo | BTS

ID: 0002152
Project: SOGo
Category: SOPE
View Status: public
Date Submitted: 2012-12-19 16:54
Last Update: 2013-01-31 16:52
Reporter: Adam Tkac
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.0.3a
Target Version: 2.0.4
Fixed in Version: 2.0.4
Summary: 0002152: Users with commas and spaces in their LDAP DNs cannot login
Description:
When a user DN in LDAP contains a comma immediately followed by a space, SOGo fails to construct the correct LDAP binddn for that user.

Example:

dn: CN=Tkac\, Adam,OU=ITZ,DC=geodis,DC=cz

I captured LDAP network traffic and found that SOGo tries to bind with the following binddn (note that the space character is missing):

dn: CN=Tkac\,Adam,OU=ITZ,DC=geodis,DC=cz

So the LDAP bind obviously fails because the DN doesn't exist, and the SOGo web interface reports that the user specified wrong credentials.

I'm using the latest SOGo/SOPE:
sope49-ldap-4.9-20121206_1664.el6.1.x86_64
sogo-2.0.3a-1.centos6.x86_64
Additional Information:
After inspection, the main issue is in sope, in the sope-ldap/NGLdap/NSString+DN.m:dnComponents method. This method thinks that every comma splits the DN. However, this is not true when the comma is escaped.

After incorrect split this method removes starting and trailing whitespaces from attributes, so the space from DN disappears.

I will attach proposed patch, which uses ldap_explode_dn to split DN into RDNs.
Tags: No tags attached.
Attached Files: 0001-NSString-DN.m-dnComponents-method-failed-to-parse-DN.patch (2,370 bytes) 2012-12-19 16:55
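
The failure described in this issue, as an added example that is not part of the original report, the attached patch or the SOPE code: C code that splits the reported DN once on every comma and once on unescaped commas only, then rejoins the parts. The function names are hypothetical, only backslash escapes are handled (no quoted values), and this is not the ldap_explode_dn-based fix.

```c
#include <stdio.h>
#include <string.h>

/* Split dn in place into RDNs and return how many were found.
 * honor_escapes = 0: every comma separates (the behaviour the report describes).
 * honor_escapes = 1: a backslash-escaped character never separates.
 * Spaces after a separator are skipped, as in the trimming the report mentions. */
static int split_dn(char *dn, char **out, int max, int honor_escapes)
{
    int n = 0;
    char *p = dn;
    while (*p && n < max) {
        while (*p == ' ') p++;               /* padding after a separator */
        if (!*p) break;
        out[n++] = p;
        while (*p && *p != ',') {
            if (honor_escapes && *p == '\\' && p[1]) p++;  /* step over the escaped char */
            p++;
        }
        if (*p == ',') *p++ = '\0';          /* terminate this RDN */
    }
    return n;
}

/* Split a copy of dn, rejoin the parts with ',' into buf, return the RDN count. */
static int rebuild_dn(const char *dn, int honor_escapes, char *buf, size_t len)
{
    char tmp[256], *parts[16];
    snprintf(tmp, sizeof tmp, "%s", dn);
    int n = split_dn(tmp, parts, 16, honor_escapes);
    buf[0] = '\0';
    for (int i = 0; i < n; i++) {
        if (i) strncat(buf, ",", len - strlen(buf) - 1);
        strncat(buf, parts[i], len - strlen(buf) - 1);
    }
    return n;
}

int main(void)
{
    const char *dn = "CN=Tkac\\, Adam,OU=ITZ,DC=geodis,DC=cz";  /* DN from the report */
    char buf[256];
    int n = rebuild_dn(dn, 0, buf, sizeof buf);
    printf("every comma:     %d parts -> %s\n", n, buf);
    n = rebuild_dn(dn, 1, buf, sizeof buf);
    printf("unescaped only:  %d parts -> %s\n", n, buf);
    return 0;
}
```

Splitting on every comma yields five parts and rebuilds the DN without the space, which is the binddn seen in the captured traffic; splitting on unescaped commas yields four RDNs and reproduces the directory's DN unchanged.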

Relationships
has duplicate 0001407 (resolved, ludovic): LDAP authentication against ActiveDirectory fails when backslash in distinguishedName

Notes
(0005079)
Adam Tkac (reporter)
2012-12-19 16:56

The patch fixes the login issue in my case, I already verified it. Sorry that it is not so clean but I have no experience with objective-c.
(0005138)
ludovic (administrator)
2013-01-11 11:52

Fix slightly modified and pushed, thanks!

https://github.com/inverse-inc/sope/commit/134db61df78edbd367c8b740513802c5fcb25571
https://github.com/inverse-inc/sope/commit/52d80264db6e5d4d8aedd50f3bb76d015b8394d6
(0005303)
jraby (viewer)
2013-01-31 16:52

New fix as this patch broke utf8 encoding of DNs: https://github.com/inverse-inc/sope/commit/7a8cb886103dc9b4569151ae185b9e3bc2e95b4e

Issue History
Date Modified Username Field Change
2012-12-19 16:54 Adam Tkac New Issue
2012-12-19 16:55 Adam Tkac File Added: 0001-NSString-DN.m-dnComponents-method-failed-to-parse-DN.patch
2012-12-19 16:56 Adam Tkac Note Added: 0005079
2012-12-20 08:51 ludovic Target Version => 2.0.4
2013-01-11 11:52 ludovic Note Added: 0005138
2013-01-11 11:52 ludovic Status new => closed
2013-01-11 11:52 ludovic Resolution open => fixed
2013-01-11 11:52 ludovic Fixed in Version => 2.0.4
2013-01-18 14:59 ludovic Relationship added has duplicate 0001407
2013-01-31 16:52 jraby Note Added: 0005303

