On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 03/30/2011 03:53 PM, JR Aquino wrote: >> >> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote: >> >>> The FreeIPA framework performs unescaped searches to enumerate group >>> membership. >>> >>> The following patch corrects this behavior. >>> >>> -JR >>> >>> <freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch>_______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> Self NACK >> >> Attached is the corrected patch. >> >> search_group_dn = _ldap_filter.escape_filter_chars(search_group_dn) >> >> Is now correctly changed to: >> >> search_group_dn = _ldap_filter.escape_filter_chars(group_dn) >> > > Nack. This is a step in the right direction, but you're not actually > using this value anywhere. > > I think you wanted to have the next line changed to: > > searchfilter = "(memberof=%s)" % search_group_dn > > - -- > Stephen Gallagher > RHCE 804006346421761
Oh! You are right. Attached is the corrected patch.
binNBKTBPO58T.bin
Description: freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel