58257 – require ldap-group does not work if account-fullname in AD/Samba4 contains comma

Bug 58257 - require ldap-group does not work if account-fullname in AD/Samba4 contains comma

Summary: require ldap-group does not work if account-fullname in AD/Samba4 contains comma

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ldap (show other bugs)
Version:	2.4.10
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-18 14:11 UTC by dudleyperkins
Modified:	2015-08-18 14:12 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description dudleyperkins 2015-08-18 14:11:34 UTC

Just spend hours on this and wanted to mention it here, as i could not find a related bug.

System is a Debian Jessie with current apache 2.4.10 packages.

Simple Basic (LDAP-)Authentication is used, within a location section, against a Jessie with samba4.

AuthType Basic
    AuthName "SSL-Gateway"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://dc.domain.de/ou=Test,dc=domain,dc=de?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldap@domain.de"
    AuthLDAPBindPassword "pass"
    Require ldap-group cn=test,ou=Test,dc=domain,dc=de

This fails if the users-fullname in samba4 contains a comma like "lastname,firstname".

!It is succesfull if the fullname of the user is changed in samba (removing the colon)!

!It is also succesfull if the comma in fullname is kept but the "Require ldap-group" is replaced with a simple "Require valid-user"!

Let me know if more information is needed and or this bug(?) should be filed against samba4.