ssh-ldap-pubkey

Ldap password bindpw cannot contain #

Open antoinetran opened this issue 5 years ago • 3 comments

Hi,

I have an LDAP password that contains "#". In this case, I have an

Error: Invalid credentials for XXX

Analysis: The code https://github.com/jirutka/ssh-ldap-pubkey/blob/master/ssh_ldap_pubkey/config.py transforms the config /etc/ldap.conf into a dict. This convenient method: re.match(r'^(\w+)\s+([^#]+)', line) rejects all comments after "#". E.g.: binddn cn=XXX # example of comment to ignore

However, this also makes it impossible to use a password with "#" inside. E.g.: bindpw abcd#efg will set bindpw to abcd.

If we want both the ability to add a comment at the end of a configuration line and the ability to use "#" in a password, we should give bindpw special parsing. I do not see another way.

antoinetran avatar Feb 20 '20 15:02 antoinetran

Hi, we may do similar to what the POSIX shell does – interpret # as the start of comment only when it’s preceded by whitespace.

However, it seems that ldap.conf(5) does not permit trailing comments, so perhaps the right way is to interpret # as a comment only when /^\s*#/.

jirutka avatar Jun 09 '20 13:06 jirutka

Can an LDAP password contain a space? Is "password #" a valid password?

antoinetran avatar Jun 09 '20 13:06 antoinetran

Most likely it can.

jirutka avatar Jun 09 '20 14:06 jirutka
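The three comment rules discussed in this thread, compared side by side as an added example (not the project's own code). Only the first regex is the one quoted in the issue; the other two patterns, the `parse` helper and the sample config are assumptions written for illustration.

```python
import re

# Regex quoted in the issue: the value stops at the first '#'.
CURRENT = re.compile(r'^(\w+)\s+([^#]+)')
# Shell-like rule (assumed pattern): '#' starts a comment only after whitespace.
SHELL_LIKE = re.compile(r'^(\w+)\s+(.*?)(?:\s+#.*)?$')
# ldap.conf(5)-style rule (assumed pattern): only lines matching /^\s*#/
# are comments; everything after the key is the value.
FULL_LINE = re.compile(r'^(\w+)\s+(.*)$')

# Constructed sample in the style of /etc/ldap.conf; values are made up.
SAMPLE = """\
# full-line comment
binddn cn=XXX # example of comment to ignore
bindpw abcd#efg
"""


def parse(text, rule):
    """Parse 'key value' lines into a dict using the given comment rule."""
    conf = {}
    for line in text.splitlines():
        if re.match(r'^\s*#', line):  # full-line comment under every rule
            continue
        m = rule.match(line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf


if __name__ == "__main__":
    rules = (("current", CURRENT), ("shell-like", SHELL_LIKE),
             ("full-line", FULL_LINE))
    for name, rule in rules:
        print(f"{name:10} {parse(SAMPLE, rule)}")
    # The password asked about in the last question of the thread:
    for name, rule in rules:
        print(f"{name:10} {parse('bindpw password #', rule)}")
```

Only the full-line rule keeps a password such as "password #" intact, at the cost of treating trailing comments as part of the value; the shell-like rule keeps "abcd#efg" but still truncates "password #".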