diff options
author | Jenkins <jenkins@review.openstack.org> | 2014-04-07 18:18:22 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-04-07 18:18:22 +0000 |
commit | b07840a0532ef92fda8dc00c99059ec96a98c564 (patch) | |
tree | 4d2caa3c37cf95b80cbe57dd61b2bb90be47f81e | |
parent | a3933982c8d1f256e34d9bc62d0a744617152849 (diff) | |
parent | 5b5331fa02de38207cd81922d5794192ebb4b77a (diff) | |
download | keystone-2014.1.rc2.tar.gz |
Merge "Fix invalid LDAP filter for user ID with comma" into milestone-proposed2014.1.rc22014.1
-rw-r--r-- | keystone/identity/backends/ldap.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py index 7dcbf6001..80e3e82ff 100644 --- a/keystone/identity/backends/ldap.py +++ b/keystone/identity/backends/ldap.py @@ -15,6 +15,7 @@ from __future__ import absolute_import import uuid import ldap +import ldap.filter from keystone import clean from keystone.common import dependency @@ -328,9 +329,10 @@ class GroupApi(common_ldap.BaseLdap): def list_user_groups(self, user_dn): """Return a list of groups for which the user is a member.""" + user_dn_esc = ldap.filter.escape_filter_chars(user_dn) query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class, self.member_attribute, - user_dn, + user_dn_esc, self.ldap_filter or '') memberships = self.get_all(query) return memberships |