From 1e86353072ad21bc7849c4c4069acc65a0211b85 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 12 Oct 2023 09:42:21 +0200
Subject: [PATCH] ldap: fix GetUserByClaim for binary encoded UUIDs
GetUserByClaim didn't correctly work for claim "userid" when "idIsOctetString" is set to true. Because the LDAP filter was not correctly hex-escaped.
Fixes: https://github.com/owncloud/ocis/issues/7469
---
 changelog/unreleased/fix-ldap-getuserbyclaim-userid.md | 7 +++++++
 pkg/utils/ldap/identity.go | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/fix-ldap-getuserbyclaim-userid.md
diff --git a/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md b/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md
new file mode 100644
index 0000000000..e6e958a2f3
--- /dev/null
+++ b/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md
@@ -0,0 +1,7 @@
+Bugfix: GetUserByClaim not working with MSAD for claim "userid"
+
+We fixed GetUserByClaim to correctly deal with binary encoded userid
+as e.g. used for Active Directory.
+
+https://github.com/cs3org/reva/pull/4249
+https://github.com/owncloud/ocis/issues/7469
diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go
index 3f3c4a8a5e..f438d33203 100644
--- a/pkg/utils/ldap/identity.go
+++ b/pkg/utils/ldap/identity.go
@@ -526,7 +526,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro
 default:
 return "", errors.New("ldap: invalid field " + attribute)
 }
- if attribute == "userid" && i.User.Schema.IDIsOctetString {
+ if attribute == i.User.Schema.ID && i.User.Schema.IDIsOctetString {
 id, err := uuid.Parse(value)
 if err != nil {
 err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))
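Review bot: The new condition `attribute == i.User.Schema.ID` ties the binary-UUID path to the LDAP attribute name rather than to the claim, so if a deployment maps another claim (for example the username) to the same attribute as the ID while `IDIsOctetString` is set, that claim's value would presumably also be sent through `uuid.Parse` and rejected. The switch that rewrites `attribute` lies above the hunk, so this is inferred from the visible `default:` arm and the commit description. If that reading is right, capturing the decision before the switch, e.g. `isID := attribute == "userid"` and then `if isID && i.User.Schema.IDIsOctetString {`, keeps the check bound to the claim. The same applies to the `getGroupAttributeFilter` hunk with `"group_id"`. The diffstat shows no test file; a case with `IDIsOctetString` enabled for both filters would pin the hex-escaped form of the ID in the generated filter.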
@@ -687,7 +687,7 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err
 default:
 return "", errors.New("ldap: invalid field " + attribute)
 }
- if attribute == "group_id" && i.Group.Schema.IDIsOctetString {
+ if attribute == i.Group.Schema.ID && i.Group.Schema.IDIsOctetString {
 id, err := uuid.Parse(value)
 if err != nil {
 err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))