flask-ldap3-login

get_user_groups() malforms CN causing false query results and empty user_groups

Open · bandwiches opened this issue 3 years ago · 1 comment

Issue

Long story short, I'm using LDAP3LoginManager.authenticate() to authenticate users. Bind, user search, and user authentication all work successfully, but the resulting user_groups is an empty list.

The issue seems to stem from this line:

https://github.com/nickw444/flask-ldap3-login/blob/3e77aeb680e360c12167244ba0611b0dcef9e283/flask_ldap3_login/init.py#L550

Verification

Logs

```
Directly binding a connection to a server with user:'CN=LastName\, FirstName,...'
Authentication was successful for user 'username'
Searching for groups for specific user with filter '(&(objectclass=group)(member=CN=LastName\5c, FirstName...)'
```

Troubleshooting

  • Opened a python shell importing python-ldap3
  • Tested search query using the filter provided by flask_ldap3_login logs
    • This failed to return any results
  • Tested search query removing the 5c
    • Success

bandwiches, Apr 25 '21 03:04

This doesn't feel quite right to me. A couple questions:

Can you try again in the python shell double-checking that you've escaped the backslash in the string literal? i.e. try filter = '(&(objectclass=group)(member=CN=LastName\\5c, FirstName...)' If you just paste the filter into a shell, that \5c will turn into an ASCII ENQ byte followed by a literal c, which can't possibly work. (Those debug logs don't use the repr of the strings, they're just surrounded by literal single quote characters. I might argue that that's a bug on its own, but that's off topic for this issue.)

Assuming the issue still manifests with that string-escaping in place, can you let us know what LDAP server you're interacting with?

gmacon, Apr 28 '21 01:04
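The two posts above turn on the same detail: a DN that contains an RFC 4514-escaped comma (`CN=LastName\, FirstName`) has a literal backslash in it, and when that DN is placed inside a search filter the backslash itself must be escaped per RFC 4515 as `\5c`, which is exactly what the logged filter shows. Whether the resulting `\5c,` sequence survives a trip through a Python string literal is the question raised in the reply. The following is an added example, not code from flask-ldap3-login or either participant: it implements RFC 4515 value escaping (the `escape_filter_value`, `unescape_filter_value` and `member_filter` names are this example's own), rebuilds the filter from the log line using a constructed sample DN (the `DC=example,DC=com` suffix is made up), and shows the three ways of typing that filter in a Python shell, only two of which contain the byte sequence the server expects.

```python
import re

# Added example (not from flask-ldap3-login): RFC 4515 filter escaping of a DN
# whose RDN contains an RFC 4514-escaped comma, plus the Python string-literal
# pitfall described in the reply above. Pure Python, no LDAP server needed.

# Constructed sample: the user's bind DN as the server returns it. The comma
# inside the CN is escaped with a backslash (RFC 4514); the suffix is made up.
USER_DN = "CN=LastName\\, FirstName,DC=example,DC=com"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter (RFC 4515).

    '*', '(', ')', '\\' and NUL must be written as a backslash followed by two
    hex digits; every other character passes through unchanged. A comma is not
    special in a filter, so the comma in the DN stays as-is, but the backslash
    that escapes it in the DN becomes '\\5c'.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def unescape_filter_value(value: str) -> str:
    """Reverse of escape_filter_value: the value the server actually compares.

    Decoding the filter must give back the original DN, which is why the '\\5c'
    in the log line is correct and removing it would not match a real entry.
    """
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def member_filter(user_dn: str) -> str:
    """Build the group-membership filter shown in the issue's log line, with the
    user's DN escaped as a filter value."""
    return "(&(objectclass=group)(member=%s))" % escape_filter_value(user_dn)


# The same filter typed three ways in a Python shell, as the reply warns:
#   PASTED  copies the log line verbatim into a normal string literal. Python
#           reads '\5' as an octal escape, so the value holds ENQ (0x05) + 'c'.
#   ESCAPED doubles the backslash, so the value holds a backslash + '5c'.
#   RAW     uses a raw string literal, which also holds backslash + '5c'.
PASTED = '(&(objectclass=group)(member=CN=LastName\5c, FirstName,DC=example,DC=com))'
ESCAPED = '(&(objectclass=group)(member=CN=LastName\\5c, FirstName,DC=example,DC=com))'
RAW = r'(&(objectclass=group)(member=CN=LastName\5c, FirstName,DC=example,DC=com))'


def contains_enq(s: str) -> bool:
    """True if the string holds the 0x05 control byte that a pasted '\\5c' produces."""
    return "\x05" in s


if __name__ == "__main__":
    print(member_filter(USER_DN))
    print("PASTED  has ENQ byte:", contains_enq(PASTED))
    print("ESCAPED has ENQ byte:", contains_enq(ESCAPED))
    print("RAW == ESCAPED:", RAW == ESCAPED)
    print("round trip:", unescape_filter_value(escape_filter_value(USER_DN)) == USER_DN)
```

When reproducing a logged filter in a shell, use a raw string or double every backslash; `escape_filter_value` above is equivalent to what python-ldap3 ships as `ldap3.utils.conv.escape_filter_chars`, which should be preferred in real code over hand-built filters.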