Omitting %s from LDAP bind DN sends corrupted bind DN string to LDAP server #8899

@wrouesnel

Syncthing Version

Syncthing version: v1.23.4, Linux (64-bit Intel/AMD Container)

What Happened

Configuring LDAP auth with a bind DN which omits the %s placeholder (to restrict login to a specific user with LDAP) results in the following bind DN being sent to LDAP:

So configuring

cn=will,dc=home,dc=internal

results in the following being sent to the LDAP server

cn=will,dc=home,dc=internal%!(extra string=will)

Which obviously fails.

What Is Expected

If the %s is omitted, the bind DN will be sent as-is to the LDAP server.

Reproduction

  • Configure a bind DN without a %s placeholder
  • Enable LDAP auth
  • Observe the logs on the LDAP auth attempt
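
The suffix in the report is what Go's fmt package appends when a format string receives more arguments than it has verbs. The following added example (not Syncthing's code, and not part of the original report) reproduces that with the DN from the issue and contrasts it with a literal placeholder substitution that also escapes the username per RFC 4514. The function names and the `cn=%s,...` template are hypothetical, and treating the bind DN as a format string is an assumption based on the reported output.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveBindDN treats the configured bind DN as a fmt format string.
// Assumption: this mirrors the behaviour reported in the issue; it is not
// copied from Syncthing.
func naiveBindDN(template, username string) string {
	return fmt.Sprintf(template, username)
}

// escapeDNValue backslash-escapes characters that are special in an
// RFC 4514 attribute value, so a username cannot change the DN structure.
// '=' does not have to be escaped, but RFC 4514 permits it.
func escapeDNValue(v string) string {
	var b strings.Builder
	for i, r := range v {
		switch {
		case strings.ContainsRune(`,+"\<>;=`, r),
			r == '#' && i == 0,
			r == ' ' && (i == 0 || i == len(v)-1):
			b.WriteByte('\\')
			b.WriteRune(r)
		case r == 0:
			b.WriteString(`\00`)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// templateBindDN replaces only the literal "%s" placeholder; a template
// without a placeholder is returned unchanged.
func templateBindDN(template, username string) string {
	return strings.ReplaceAll(template, "%s", escapeDNValue(username))
}

func main() {
	const fixed = "cn=will,dc=home,dc=internal" // DN from the issue
	const tmpl = "cn=%s,dc=home,dc=internal"    // constructed template
	fmt.Println(naiveBindDN(fixed, "will"))         // corrupted DN
	fmt.Println(templateBindDN(fixed, "will"))      // DN sent as-is
	fmt.Println(templateBindDN(tmpl, "a,cn=admin")) // username stays one RDN value
}
```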


Labels: bug, frozen-due-to-age, needs-triage
