Merge "Fix invalid LDAP filter for user ID with comma" into milestone-proposed2014.1.rc2 2014.1

author: Jenkins <jenkins@review.openstack.org> 2014-04-07 18:18:22 +0000
committer: Gerrit Code Review <review@openstack.org> 2014-04-07 18:18:22 +0000
commit: b07840a0532ef92fda8dc00c99059ec96a98c564 (patch)
tree: 4d2caa3c37cf95b80cbe57dd61b2bb90be47f81e
parent: a3933982c8d1f256e34d9bc62d0a744617152849 (diff)
parent: 5b5331fa02de38207cd81922d5794192ebb4b77a (diff)
download: keystone-2014.1.rc2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/keystone/identity/backends/ldap.py b/keystone/identity/backends/ldap.py
index 7dcbf6001..80e3e82ff 100644
--- a/keystone/identity/backends/ldap.py
+++ b/keystone/identity/backends/ldap.py
@@ -15,6 +15,7 @@ from __future__ import absolute_import
 import uuid
 
 import ldap
+import ldap.filter
 
 from keystone import clean
 from keystone.common import dependency
@@ -328,9 +329,10 @@ class GroupApi(common_ldap.BaseLdap):
     def list_user_groups(self, user_dn):
         """Return a list of groups for which the user is a member."""
 
+        user_dn_esc = ldap.filter.escape_filter_chars(user_dn)
         query = '(&(objectClass=%s)(%s=%s)%s)' % (self.object_class,
                                                   self.member_attribute,
-                                                  user_dn,
+                                                  user_dn_esc,
                                                   self.ldap_filter or '')
         memberships = self.get_all(query)
         return memberships
author	Jenkins <jenkins@review.openstack.org>	2014-04-07 18:18:22 +0000
committer	Gerrit Code Review <review@openstack.org>	2014-04-07 18:18:22 +0000
commit	b07840a0532ef92fda8dc00c99059ec96a98c564 (patch)
tree	4d2caa3c37cf95b80cbe57dd61b2bb90be47f81e
parent	a3933982c8d1f256e34d9bc62d0a744617152849 (diff)
parent	5b5331fa02de38207cd81922d5794192ebb4b77a (diff)
download	keystone-2014.1.rc2.tar.gz