LDAP: Escape username in case we are using userbased bind.

author Jani Averbach <jaa@jaa.iki.fi>

Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)

committer Jani Averbach <jaa@jaa.iki.fi>

Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)
author Jani Averbach <jaa@jaa.iki.fi>
Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)
committer Jani Averbach <jaa@jaa.iki.fi>
Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java

index 892f30baf7e3fb83c52b2df088528c9a0542fd04..83f2466988916f7f8a4efc5c35710e7a55ecb353 100644 (file)
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -299,7 +299,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
                                 String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
                                 if (!StringUtils.isEmpty(bindPattern)) {
                                         try {
-                                               String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+                                               String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
                                                 ldapConnection.bind(bindUser, new String(password));
                                                 
                                                 alreadyAuthenticated = true;
author	Jani Averbach <jaa@jaa.iki.fi>
	Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)
committer	Jani Averbach <jaa@jaa.iki.fi>
	Sun, 30 Mar 2014 21:55:43 +0000 (00:55 +0300)