Adding support for additional chars in LDAP usernames (fixes #1941)

Allowing LDAP entries to use the chracters ' ', '@', '-', '_', and '.' in the user name attribute. These characters do not modify the behavior of the LDAP filter and are common in LDAP user names. Signed-off-by: David M. Syzdek <david@syzdek.net> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2526 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-11 10:09:14 +00:00 · 2009-06-11 10:09:14 +00:00 · 5204fd7e6c
parent 7ad4792357
commit 5204fd7e6c
2 changed files with 8 additions and 2 deletions
--- a/1
+++ b/1
@ -51,6 +51,7 @@ NEWS
  * Fix segfault in mod_expire after failed config parsing (fixes #1992)
  * Add ssi.content-type option (default text/html, fixes #615)
  * Add support for "real" entropy from /dev/[u]random (fixes #1977)
+  * Adding support for additional chars in LDAP usernames (fixes #1941)

 - 1.4.22 - 2009-03-07
  * Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
--- a/src/http_auth.c
+++ b/src/http_auth.c
@ -728,10 +728,15 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
 			char c = username->ptr[i];

 			if (!isalpha(c) &&
-			    !isdigit(c)) {
+			    !isdigit(c) &&
+			    (c != ' ') &&
+			    (c != '@') &&
+			    (c != '-') &&
+			    (c != '_') &&
+			    (c != '.') ) {

 				log_error_write(srv, __FILE__, __LINE__, "sbd",
-					"ldap: invalid character (a-zA-Z0-9 allowed) in username:", username, i);
+					"ldap: invalid character (- _.@a-zA-Z0-9 allowed) in username:", username, i);

 				return -1;
 			}