@@ -56,7 +56,7 @@ def _server_port_default(self):
5656
5757 Unicode Example:
5858 uid={username},ou=people,dc=wikimedia,dc=org
59-
59+
6060 List Example:
6161 [
6262 uid={username},ou=people,dc=wikimedia,dc=org,
@@ -260,8 +260,8 @@ def escape_userdn_if_needed(self, userdn):
260260 config = True ,
261261 help = "List of attributes to be searched"
262262 )
263-
264-
263+
264+
265265 @gen .coroutine
266266 def authenticate (self , handler , data ):
267267 username = data ['username' ]
@@ -284,7 +284,7 @@ def getConnection(userdn, username, password):
284284 auto_bind = ldap3 .AUTO_BIND_TLS_BEFORE_BIND ,
285285 )
286286 return conn
287-
287+
288288 # Protect against invalid usernames as well as LDAP injection attacks
289289 if not re .match (self .valid_username_regex , username ):
290290 self .log .warn ('username:%s Illegal characters in username, must match regex %s' , username , self .valid_username_regex )
@@ -302,6 +302,8 @@ def getConnection(userdn, username, password):
302302 if resolved_username is None :
303303 return None
304304
305+ resolved_username = re .subn (r"[^\\]," , r"\," , resolved_username )[0 ]
306+
305307 bind_dn_template = self .bind_dn_template
306308 if isinstance (bind_dn_template , str ):
307309 # bind_dn_template should be of type List[str]
@@ -317,15 +319,15 @@ def getConnection(userdn, username, password):
317319 msg += '\n {exc_type}: {exc_msg}' .format (
318320 exc_type = exc .__class__ .__name__ ,
319321 exc_msg = exc .args [0 ] if exc .args else ''
320- )
322+ )
321323 else :
322324 isBound = conn .bind ()
323325 msg = msg .format (
324326 username = username ,
325327 userdn = userdn ,
326328 isBound = isBound
327329 )
328- self .log .debug (msg )
330+ self .log .debug (msg )
329331 if isBound :
330332 break
331333
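Review bot: The added `re.subn(r"[^\\],", r"\,", resolved_username)` call at new line 305 consumes the character in front of each comma and does not put it back, so a value such as `Doe, John` (constructed example) becomes `Do\, John` and the bind DN no longer names the intended entry. It also leaves a comma at the very start of the string, or one directly after another comma, unescaped, so the DN built from the template can still be split into extra RDNs. A lookbehind keeps the preceding character and covers both cases: `resolved_username = re.sub(r"(?<!\\),", r"\\,", resolved_username)`. Only the comma is handled here; the other DN special characters (`+`, `"`, `;`, `<`, `>`, `=`) presumably need the same treatment, and ldap3's `ldap3.utils.dn.escape_rdn` may be a better fit once it is confirmed not to double-escape values the lookup already returns escaped. The enclosing `authenticate` body starts and ends outside this hunk.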