Merge pull request from GHSA-32fw-wc7f-7qg9
arikfr committed May 18, 2024
1 parent bd4ba96 commit 60d3c66
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion redash/authentication/ldap_auth.py
@@ -8,6 +8,7 @@

try:
from ldap3 import Connection, Server
from ldap3.utils.conv import escape_filter_chars
except ImportError:
if settings.LDAP_LOGIN_ENABLED:
sys.exit(
@@ -69,6 +70,7 @@ def login(org_slug=None):


def auth_ldap_user(username, password):
clean_username = escape_filter_chars(username)
server = Server(settings.LDAP_HOST_URL, use_ssl=settings.LDAP_SSL)
if settings.LDAP_BIND_DN is not None:
conn = Connection(
@@ -83,7 +85,7 @@ def auth_ldap_user(username, password):

conn.search(
settings.LDAP_SEARCH_DN,
settings.LDAP_SEARCH_TEMPLATE % {"username": username},
settings.LDAP_SEARCH_TEMPLATE % {"username": clean_username},
attributes=[settings.LDAP_DISPLAY_NAME_KEY, settings.LDAP_EMAIL_KEY],
)

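Review bot: The escaped value is computed on the first line of `auth_ldap_user` but only consumed further down in `conn.search`, and the name `clean_username` does not say what it is clean for. `escape_filter_chars` makes the value safe inside an LDAP search filter only, so I would either escape at the sink, `settings.LDAP_SEARCH_TEMPLATE % {"username": escape_filter_chars(username)},`, or keep the variable with a comment such as `# Escaped for the LDAP search filter only; do not reuse for a DN or a bind.` The function body continues past the visible hunk, so it is worth confirming that nothing below mixes up `username` and `clean_username`. The commit changes a single file and so carries no regression test; one asserting that a username containing filter metacharacters such as `*` or `(` reaches `conn.search` in escaped form would pin the fix.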
