Skip to content

Commit

Permalink
ldap: fix GetUserByClaim for binary encoded UUIDs
Browse files Browse the repository at this point in the history
GetUserByClaim didn't correctly work for claim "userid" when
"idIsOctetString" is set to true. Because the LDAP filter was not
correctly hex-escaped.

Fixes: owncloud/ocis#7469
  • Loading branch information
rhafer committed Oct 12, 2023
1 parent 044d686 commit 31c621e
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
7 changes: 7 additions & 0 deletions changelog/unreleased/fix-ldap-getuserbyclaim-userid.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Bugfix: GetUserByClaim not working with MSAD for claim "userid"

We fixed GetUserByClaim to correctly deal with binary encoded userid
as e.g. used for Active Directory.

https://github.com/cs3org/reva/pull/xxxx
https://github.com/owncloud/ocis/issues/7469
4 changes: 2 additions & 2 deletions pkg/utils/ldap/identity.go
Original file line number Diff line number Diff line change
Expand Up @@ -526,7 +526,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro
default:
return "", errors.New("ldap: invalid field " + attribute)
}
if attribute == "userid" && i.User.Schema.IDIsOctetString {
if attribute == i.User.Schema.ID && i.User.Schema.IDIsOctetString {
id, err := uuid.Parse(value)
if err != nil {
err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))
Expand Down Expand Up @@ -687,7 +687,7 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err
default:
return "", errors.New("ldap: invalid field " + attribute)
}
if attribute == "group_id" && i.Group.Schema.IDIsOctetString {
if attribute == i.Group.Schema.ID && i.Group.Schema.IDIsOctetString {
id, err := uuid.Parse(value)
if err != nil {
err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))
Expand Down

0 comments on commit 31c621e

Please sign in to comment.