Skip to content

Commit

Permalink
Do not escape password for LDAP connectors (dexidp#3470)
Browse files Browse the repository at this point in the history
With the change introduced in dexidp#3372 Dex declines passwords that contain special characters. Since password is not passed to any kind of filters, it is safe to pass a password as is. No LDAP query injections are possible.

This commit is a revert of password escaping.

Signed-off-by: m.nabokikh <[email protected]>
  • Loading branch information
nabokihms authored Apr 9, 2024
1 parent 98980ca commit 3705207
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion connector/ldap/ldap.go
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,6 @@ func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username,
)

username = ldap.EscapeFilter(username)
password = ldap.EscapeFilter(password)

err = c.do(ctx, func(conn *ldap.Conn) error {
entry, found, err := c.userEntry(conn, username)
Expand Down

0 comments on commit 3705207

Please sign in to comment.