diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-03-06 13:26:33 +0100 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-03-06 13:39:57 +0100 |
commit | 757dca2b78c8b218295c855d6b7529bad05ae24b (patch) | |
tree | ce2c6beca88ce1c76a88235a8d8d94c02e6a8381 /lib | |
parent | e916f1c295050ef26aef7b309843df6a8cac158e (diff) | |
download | gitlab-ce-757dca2b78c8b218295c855d6b7529bad05ae24b.tar.gz |
Escape wildcards when searching LDAP by username.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/ldap/authentication.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ldap/person.rb | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/gitlab/ldap/authentication.rb b/lib/gitlab/ldap/authentication.rb index 8af2c74e959..649cf3194b8 100644 --- a/lib/gitlab/ldap/authentication.rb +++ b/lib/gitlab/ldap/authentication.rb @@ -50,7 +50,7 @@ module Gitlab end def user_filter(login) - filter = Net::LDAP::Filter.eq(config.uid, login) + filter = Net::LDAP::Filter.equals(config.uid, login) # Apply LDAP user filter if present if config.user_filter.present? diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb index 3e0b3e6cbf8..3c426179375 100644 --- a/lib/gitlab/ldap/person.rb +++ b/lib/gitlab/ldap/person.rb @@ -9,10 +9,12 @@ module Gitlab attr_accessor :entry, :provider def self.find_by_uid(uid, adapter) + uid = Net::LDAP::Filter.escape(uid) adapter.user(adapter.config.uid, uid) end def self.find_by_dn(dn, adapter) + dn = Net::LDAP::Filter.escape(dn) adapter.user('dn', dn) end |