From 221aa62c8f733adbfd2aacdf62333bd0a708bffc Mon Sep 17 00:00:00 2001
From: Chris Heyne
Date: Thu, 12 Feb 2015 10:49:42 -0600
Subject: [PATCH] Escape user DN used to build group filter. Fixes MRM-1873
---
.../redback/common/ldap/role/DefaultLdapRoleMapper.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
index 572e9c72..101d156f 100644
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
@@ -48,6 +48,7 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
+import javax.naming.ldap.Rdn;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -390,6 +391,9 @@ public class DefaultLdapRoleMapper
 }
 groupEntry = builder.toString();
 }
+
+ groupEntry = Rdn.escapeValue(groupEntry);
+
 String filter = new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" ).append( "(" ).append( getLdapGroupMember() ).append( "=" ).append( groupEntry ).append( ")" ).append(
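Review bot: `Rdn.escapeValue` applies DN (RFC 2253) escaping, but on the context lines that follow, `groupEntry` is appended as the assertion value of a search filter, where the characters that need neutralising are `*`, `(`, `)`, `\` and NUL (RFC 4515). `Rdn.escapeValue` leaves `*`, `(` and `)` untouched, so a DN containing them can still change the structure of the filter. If `groupEntry` holds a complete DN, as the subject line suggests, the call also backslash-escapes the `,` and `=` separators between RDNs, which alters the value compared against the member attribute. Escape for the filter context instead, for example with a small helper as below, or pass the value as a `{0}` argument to the `DirContext.search` overload that takes `filterArgs`, if the search call (outside this hunk) allows it. The filter-building statement and the enclosing method continue outside the hunk.

```java
// … unchanged: groupEntry assembly …
groupEntry = escapeFilterValue( groupEntry );
// … unchanged: filter StringBuilder chain …

// RFC 4515 escaping for a search-filter assertion value.
private static String escapeFilterValue( String value )
{
    StringBuilder escaped = new StringBuilder( value.length() + 8 );
    for ( int i = 0; i < value.length(); i++ )
    {
        char c = value.charAt( i );
        switch ( c )
        {
            case '\\': escaped.append( "\\5c" ); break;
            case '*': escaped.append( "\\2a" ); break;
            case '(': escaped.append( "\\28" ); break;
            case ')': escaped.append( "\\29" ); break;
            case '\u0000': escaped.append( "\\00" ); break;
            default: escaped.append( c );
        }
    }
    return escaped.toString();
}
```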