Skip to content
This repository has been archived by the owner on Jun 12, 2022. It is now read-only.

Commit

Permalink
Fix LDAP vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@StevenWeathers
StevenWeathers committed Nov 2, 2021
1 parent 1417277 commit ebcb499
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ func (s *server) authAndCreateUserLdap(userUsername string, userPassword string)

searchRequest := ldap.NewSearchRequest(viper.GetString("auth.ldap.basedn"),
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf(viper.GetString("auth.ldap.filter"), userUsername),
fmt.Sprintf(viper.GetString("auth.ldap.filter"), ldap.EscapeFilter(userUsername)),
[]string{"dn", viper.GetString("auth.ldap.mail_attr"), viper.GetString("auth.ldap.cn_attr")},
nil,
)
Expand Down

0 comments on commit ebcb499

Please sign in to comment.