shaozi / ldap-authentication

🔐🔐🔐 A simple Nodejs Async LDAP authentication library

Bug when user cn has utf8 characters

ansibleguy76 opened this issue · comments

Add function:

function unescapeLdapResult(ldapResult) {
  // Regular expression to match the escaped sequences
  const regex = /\\([0-9a-fA-F]{2})\\([0-9a-fA-F]{2})/g;

  // Replace each escaped sequence with its Unicode character
  return ldapResult.replace(regex, (match, p1, p2) => {
      // Convert the hex codes to a Buffer
      const bytes = Buffer.from([parseInt(p1, 16), parseInt(p2, 16)]);
      // Convert the Buffer to a UTF-8 String
      return bytes.toString('utf8');
  });
}

and use it to unescape the result:

  ldapAdminClient.unbind()
  if (!user || !user.dn) {
    ldapOpts.log &&
      ldapOpts.log.trace(
        `admin did not find user! (${usernameAttribute}=${username})`
      )
    throw new LdapAuthenticationError(
      'user not found or usernameAttribute is wrong'
    )
  }
  var userDn = user.dn
  userDn = unescapeLdapResult(userDn)
  let ldapUserClient
  try {
    ldapUserClient = await _ldapBind(userDn, userPassword, starttls, ldapOpts)
  } catch (error) {
    throw error
  }
  ldapUserClient.unbind()
  if (groupsSearchBase && groupClass && groupMemberAttribute) {
    try {
      ldapAdminClient = await _ldapBind(

I would like to understand more about this patch:

  • Can you give an example of a utf-8 DN?
  • How do you know the DN is hex coded, and not a regular string that happens to look like a hex string?

I went into the code of ldap.js and noticed that they return encoded utf8 chars, which wasn't handled in your code. If you would patch your code, I can use npm again.

I will try to simulate a user later.

Can you kindly point me to where in the ldapjs code it returns encoded utf8?

OK. I think I get what you mean. The string returned from ldapjs will be backslash-escaped hex if the result has UTF-8 encoded runes, like this:
'cn=\\e7\\a0\\94\\e5\\8f\\91A\\e9\\83\\a8,ou=users,dc=example,dc=com'
Your method may not be enough to decode it. We need a better way.
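
An added example (not code from this thread and not the library's fix): one way to decode a DN like the one above when the UTF-8 sequences are 2, 3 or 4 bytes long. It leaves ASCII escapes such as `\2c` and escaped backslashes untouched so the DN structure does not change, and leaves invalid byte runs escaped. The helper name `decodeDnUtf8` is an assumption.

```javascript
// Added example; decodeDnUtf8 is a hypothetical helper, not part of ldap-authentication.
// Input: a DN string in which non-ASCII bytes appear as backslash + two hex digits.
function decodeDnUtf8(dn) {
  // fatal: true makes invalid UTF-8 throw instead of silently producing U+FFFD
  const utf8 = new TextDecoder('utf-8', { fatal: true });

  // First alternative consumes an escaped backslash ("\\") so that text such as
  // "\\e7" (a literal backslash followed by "e7") is never treated as a hex escape.
  // Second alternative grabs a whole run of \xx escapes, so multi-byte sequences
  // are decoded together rather than two bytes at a time.
  return dn.replace(/\\\\|(?:\\[0-9a-fA-F]{2})+/g, (run) => {
    if (run === '\\\\') return run;
    const hex = run.match(/[0-9a-fA-F]{2}/g);
    let out = '';
    for (let i = 0; i < hex.length; ) {
      // Find the contiguous non-ASCII bytes starting at i
      let j = i;
      while (j < hex.length && parseInt(hex[j], 16) >= 0x80) j += 1;
      if (j === i) {
        // ASCII escape (for example \2c for a comma): keep it escaped,
        // otherwise a value could turn into an extra RDN separator.
        out += '\\' + hex[i];
        i += 1;
        continue;
      }
      const raw = hex.slice(i, j);
      try {
        out += utf8.decode(Uint8Array.from(raw, (h) => parseInt(h, 16)));
      } catch {
        // Not valid UTF-8: keep the original escapes rather than guessing
        out += raw.map((h) => '\\' + h).join('');
      }
      i = j;
    }
    return out;
  });
}

// The DN string quoted in the comment above
console.log(decodeDnUtf8('cn=\\e7\\a0\\94\\e5\\8f\\91A\\e9\\83\\a8,ou=users,dc=example,dc=com'));
```
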

fixed by merge #66

Hi,
I tested your 3.2.1 version from npm
Did this fix make it? Because I still have the same issue. If I fall back to my version, it works.

Seems not, I copied your code manually, and it works too.

Just published 3.2.2, which has the fix.