[LDAP] Login failure when password contains some special characters

[kumashiro]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

HEAD

Storage Type

SQLite

Installation Type

Official container image

Expected Behavior

Logins with all supported special characters should succeed when using LDAP connector.

Actual Behavior

With LDAP connector, login fails if user password contains any of the characters from the set ()*\. This is caused by an unnecessary escape of password in connector/ldap/ldap.go:476. Password is not passed in a LDAP query string, therefore it does not need and should not be escaped.

Applying the patch below fixes the problem:

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index f0aa7eff..bb434a6c 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -473,7 +473,6 @@ func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username,
        )

        username = ldap.EscapeFilter(username)
-       password = ldap.EscapeFilter(password)

        err = c.do(ctx, func(conn *ldap.Conn) error {
                entry, found, err := c.userEntry(conn, username)

Steps To Reproduce

No response

Additional Information

No response

Configuration

No response

Logs

No response

[nabokihms]

Hello, it is a duplicate of #3436