We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When validating if a particular dn is equal to basedn or if this dn is included in the base dn we use:
if !baseDN.AncestorOf(dn) && !baseDN.Equal(dn) { return nil, NewQueryOutOfBoundsError(attributeValue, o.BaseDN) }
But since this is ldap protocol and ldap is case insensitve, we should rather do this control as case-insentiive.
This issue is corresponding to: https://issues.redhat.com/browse/OCPBUGS-36591 group sync is showing error "entry would search outside of the base dn specified" but it's not
/assign
The text was updated successfully, but these errors were encountered:
Potential fix is:
index 19f276f3e..8868f287a 100644 --- a/pkg/security/ldapquery/query.go +++ b/pkg/security/ldapquery/query.go @@ -112,9 +112,9 @@ func (o *LDAPQueryOnAttribute) NewSearchRequest(attributeValue string, attribute if err != nil { return nil, fmt.Errorf("could not search by dn, invalid dn value: %v", err) } - if !baseDN.AncestorOf(dn) && !baseDN.Equal(dn) { - return nil, NewQueryOutOfBoundsError(attributeValue, o.BaseDN) - } + if !baseDN.AncestorOfFold(dn) && !baseDN.EqualFold(dn) { + return nil, NewQueryOutOfBoundsError(attributeValue, o.BaseDN) + } return o.buildDNQuery(attributeValue, attributes), nil } else {
Sorry, something went wrong.
germanparente
No branches or pull requests
When validating if a particular dn is equal to basedn or if this dn is included in the base dn we use:
if !baseDN.AncestorOf(dn) && !baseDN.Equal(dn) {
return nil, NewQueryOutOfBoundsError(attributeValue, o.BaseDN)
}
But since this is ldap protocol and ldap is case insensitve, we should rather do this control as case-insentiive.
This issue is corresponding to:
https://issues.redhat.com/browse/OCPBUGS-36591
group sync is showing error "entry would search outside of the base dn specified" but it's not
/assign
The text was updated successfully, but these errors were encountered: