ldap_bind fails to bind when the password contains special characters #11407

Open
Phatkone opened this issue Jun 9, 2023 · 10 comments

Comments

@Phatkone

Phatkone commented Jun 9, 2023

Description

Any LDAP password that contains special characters such as "!", "_" or "&" fails to bind, whereas stripping those characters from the password works.

Tested on PHP 7.4 and PHP 8.0.

PHP Version

8.0.1

Operating System

Raspbian 11

@heiglandreas
Contributor

Did you use ldap_escape on the password?

@Phatkone
Author

Phatkone commented Jun 9, 2023

> Did you use ldap_escape on the password?

Tried that too, still doesn't work.
Tried html_entity_decode and url_decode too.

@tibetoine

Is there any update?

@tibetoine

OK, I found a solution:
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
LDAPv3 supports UTF-8 by default, which it expects requests and responses to be in by default.

@heiglandreas
Contributor

AH! OK. Makes sense!

We should probably set that as default if it wasn't set...

@tibetoine

That would probably be a good idea.
At least add the information to the known issues OR troubleshooting section.
Afterwards, it's not certain that all legacy LDAP systems are compatible with protocol v3 (maybe this needs to be checked to ensure backward compatibility?)

@KiralyCraft

Unfortunately for me it doesn't work. I have it like this:

$ldaprdn = $usernameDomain . "\\" . $usernameUID;

$ldapConnection = ldap_connect($ldapServer);
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldapConnection, $ldaprdn, html_entity_decode($password));
if ($bind)
{
    //All good!
}
else
{
    //Fail
}

I'm running PHP 8.2.3 on Arch Linux and the LDAP server is a Windows Server 2022 instance. I'm yet to test with other implementations to see whether this issue is specific to PHP.

My password is simply testing123& and it fails with the & in there, but works fine otherwise.
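
A diagnostic version of the bind code above, added as an example (not code from any participant or from php-src): it checks whether the password was altered by HTML, URL or LDAP escaping before the bind, and logs the server's error instead of discarding it. The function names are hypothetical, and the thread does not confirm that altered input is the cause.

```php
<?php
// Added example; helper names, URI and bind user are hypothetical placeholders.
// List signs that the password was transformed before reaching ldap_bind().
// A simple bind sends the password bytes unchanged, so any encoding applied
// upstream changes the credential the server compares against.
function describePasswordBytes(string $password): array
{
    $notes = [];
    if (preg_match('//u', $password) !== 1) {
        $notes[] = 'is not valid UTF-8';
    }
    if (preg_match('/&(?:amp|lt|gt|quot|#0?39);/', $password)) {
        $notes[] = 'contains an HTML entity (HTML-escaped input?)';
    }
    if (preg_match('/%[0-9A-Fa-f]{2}/', $password)) {
        $notes[] = 'contains a percent-escape (URL-encoded input?)';
    }
    if (preg_match('/\\\\[0-9A-Fa-f]{2}/', $password)) {
        $notes[] = 'contains \XX sequences (ldap_escape() output?)';
    }
    return $notes;
}

function bindWithDiagnostics(string $uri, string $bindUser, string $password): bool
{
    $conn = ldap_connect($uri);
    if ($conn === false) {
        error_log('LDAP: invalid connection URI');
        return false;
    }
    // The protocol version is set before the bind, as in the thread.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Log only the findings, never the password itself.
    foreach (describePasswordBytes($password) as $note) {
        error_log("LDAP bind: password $note");
    }
    if (@ldap_bind($conn, $bindUser, $password)) {
        return true;
    }
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    error_log(sprintf('LDAP bind failed: [%d] %s (%s)',
        ldap_errno($conn), ldap_error($conn), $detail));
    return false;
}

// Constructed sample: "testing123&" after HTML escaping.
print_r(describePasswordBytes('testing123&amp;'));
```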

@tibetoine

tibetoine commented Oct 23, 2024

> Unfortunately for me it doesn't work. I have it like this:
>
> $ldaprdn = $usernameDomain . "\\" . $usernameUID;
>
> $ldapConnection = ldap_connect($ldapServer);
> ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
> ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
> $bind = @ldap_bind($ldapConnection, $ldaprdn, html_entity_decode($password));
> if ($bind)
> {
>     //All good!
> }
> else
> {
>     //Fail
> }
>
> I'm running PHP 8.2.3 on Arch Linux and the LDAP server is a Windows Server 2022 instance. I'm yet to test with other implementations to see whether this issue is specific to PHP.
>
> My password is simply testing123& and it fails with the & in there, but works fine otherwise.

Did you try this: #11407 (comment)?

@Phatkone
Author

> > Unfortunately for me it doesn't work. I have it like this:
> >
> > $ldaprdn = $usernameDomain . "\\" . $usernameUID;
> >
> > $ldapConnection = ldap_connect($ldapServer);
> > ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
> > ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
> > $bind = @ldap_bind($ldapConnection, $ldaprdn, html_entity_decode($password));
> > if ($bind)
> > {
> >     //All good!
> > }
> > else
> > {
> >     //Fail
> > }
> >
> > I'm running PHP 8.2.3 on Arch Linux and the LDAP server is a Windows Server 2022 instance. I'm yet to test with other implementations to see whether this issue is specific to PHP.
> > My password is simply testing123& and it fails with the & in there, but works fine otherwise.
>
> Did you try this: #11407 (comment)?

It's literally line 4 on the config excerpt.

@tibetoine

What ... These lines just appeared. Idk what just happened.
