Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues with Users that have a "Umlaut" eg. Ö or ß #142

Closed
janhoelscher opened this issue Feb 1, 2024 · 5 comments
Closed

Issues with Users that have a "Umlaut" eg. Ö or ß #142

janhoelscher opened this issue Feb 1, 2024 · 5 comments
Assignees
@ansibleguy76
Labels
bug Something isn't working

Comments

@janhoelscher
Copy link

Describe the bug
I have configured authentication via an Active Directory Server. Users without a german "Umlaut" can login without any problems.
But users with an "Umlaut" in there CN getting "Ldap: Invalid Credentials" as a response on the login page.
It has been double checked with two users having this issue.

To Reproduce
Steps to reproduce the behavior:

  1. Configuring Active Directory Server in Ldap Config
  2. Try to login as a user which have an "Umlaut" in their CN
  3. Getting error message on login page

Expected behavior
User should login without any errors.

Version
ansibleforms v5.0.0

Deployment
Deployed ansibleforms with :

  • docker-compose

Additional context
Logs only shows error: Error connecting to ldap : Invalid Credentials but credentials are correct.

Full DN from user account look similar than this CN=<here is sAMAccountName>_(<forename>_<surname>),OU=user,OU=<censored>,DC=<censored>,DC=<censored>,DC=de as <surname> contains an "Ö"
@ansibleguy76 ansibleguy76 self-assigned this Feb 2, 2024
@ansibleguy76 ansibleguy76 added the bug Something isn't working label Feb 2, 2024
@ansibleguy76
Copy link
Owner

ansibleguy76 commented Feb 7, 2024
edited
Loading

I have investigated.
Basic authentication was not handling utf8 characters, that will be fixed in 5.0.1
The user now arrives correctly at the server end, unfortunately, I haven't found a correct way to encode the username so ldap is happy. I tried hex encoding, for example "\00\FC" => ü, but that didn't work. So for the moment I don't know how to fix it. I'm using the ldapjs library which is up to date. Maybe I need to encode the username when sending to ldap, but need to find how and then I can fix this. TBC

@ansibleguy76
Copy link
Owner

found it... and fixed in 5.0.1

@ansibleguy76
Copy link
Owner

building 5.0.1 beta now

@ansibleguy76
Copy link
Owner

Maybe I need to encode the username when sending to ldap, but need to find how and then I can fix this.

I had to decode instead, ldap return encoded Distinguished name and to bind ldap, I must send utf8, so had to build an unescape function.

(ldapjs/node-ldapjs#968)

@qfdk
Copy link

qfdk commented Jun 19, 2024
edited
Loading

Hello @ansibleguy76

Thanks for your workaround, but it doesn't work for these cases

\e2\82\a0 => ₠
\f0\9f\98\80 => 😀

I have read the test file available here: https://github.com/ldapjs/dn/blob/master/lib/utils/escape-value.test.js

I have written a simple version, which I will share with you here

const unescapeLdapDnString = input => {
    // Convert \\xXX to %XX
    const convertedStr = input.replace(/\\([0-9A-Fa-f]{2})/g, (_, hex) => '%' + hex);
    return decodeURIComponent(convertedStr);
};

Have a nice day,
qfdk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ansibleguy76 ansibleguy76

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qfdk @janhoelscher @ansibleguy76