LDAP: Escape username in case we are using userbased bind.

author: Jani Averbach <jaa@jaa.iki.fi> 2014-03-31 00:55:43 +0300
committer: Jani Averbach <jaa@jaa.iki.fi> 2014-03-31 00:55:43 +0300
commit: c30c2b332cf498efef9a01609ff4aa5bd7f8cc14 (patch)
tree: 2f5ff497e7a201588cd2beeddcb71e538cb5ced4 /src/main
parent: a74d6756c031929a69388b7390b34108ed13ea37 (diff)
download: gitblit-c30c2b332cf498efef9a01609ff4aa5bd7f8cc14.tar.gz
gitblit-c30c2b332cf498efef9a01609ff4aa5bd7f8cc14.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 892f30ba..83f24669 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -299,7 +299,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 				String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
 				if (!StringUtils.isEmpty(bindPattern)) {
 					try {
-						String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+						String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 						ldapConnection.bind(bindUser, new String(password));
 						
 						alreadyAuthenticated = true;
author	Jani Averbach <jaa@jaa.iki.fi>	2014-03-31 00:55:43 +0300
committer	Jani Averbach <jaa@jaa.iki.fi>	2014-03-31 00:55:43 +0300
commit	c30c2b332cf498efef9a01609ff4aa5bd7f8cc14 (patch)
tree	2f5ff497e7a201588cd2beeddcb71e538cb5ced4 /src/main
parent	a74d6756c031929a69388b7390b34108ed13ea37 (diff)
download	gitblit-c30c2b332cf498efef9a01609ff4aa5bd7f8cc14.tar.gz gitblit-c30c2b332cf498efef9a01609ff4aa5bd7f8cc14.zip