diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 2273caec02c7ecb46f245237e9ee7afa257d1bcb..e0c6741bcb2dcf668583d0c8db8beae307a0d388 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -58,6 +58,7 @@ abstract class Access {
return false;
}
$rr = @ldap_read($cr, $dn, $filter, array($attr));
+ $dn = $dn = str_replace('\\5c', '\\', $dn);
if(!is_resource($rr)) {
\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
//in case an error occurs , e.g. object does not exist
@@ -119,18 +120,13 @@ abstract class Access {
//make comparisons and everything work
$dn = mb_strtolower($dn, 'UTF-8');
- //escape DN values according to RFC 2253
- //thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313
+ //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
+ //to use the DN in search filters, \ needs to be escaped to \5c additionally
+ //to use them in bases, we convert them back to simple backslashes in readAttribute()
$aDN = ldap_explode_dn($dn, false);
unset($aDN['count']);
- foreach($aDN as $key => $part) {
- $value = substr($part, strpos($part, '=')+1);
- $escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
- '<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
- '"'=>'\22', '#'=>'\23'));
- $part = str_replace($part, $value, $escapedValue);
- }
$dn = implode(',', $aDN);
+ $dn = str_replace('\\', '\\5c', $dn);
return $dn;
}
@@ -240,7 +236,6 @@ abstract class Access {
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/
public function dn2ocname($dn, $ldapname = null, $isUser = true) {
- $dn = $this->sanitizeDN($dn);
$table = $this->getMapTable($isUser);
if($isUser) {
$fncFindMappedName = 'findMappedUser';
@@ -437,7 +432,6 @@ abstract class Access {
*/
private function mapComponent($dn, $ocname, $isUser = true) {
$table = $this->getMapTable($isUser);
- $dn = $this->sanitizeDN($dn);
$sqlAdjustment = '';
$dbtype = \OCP\Config::getSystemValue('dbtype');
@@ -732,6 +726,7 @@ abstract class Access {
public function getUUID($dn) {
if($this->detectUuidAttribute($dn)) {
+ \OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
$this->detectUuidAttribute($dn, true);