Re: [MRBS-general] LDAP authentication failure (bug?)
Brought to you by:
jberanek
From: John B. <joh...@pa...> - 2003-03-28 13:47:19
|
John Beranek wrote: > Arnaud Gomes-do-Vale wrote: > >> Hi, >> >> I have set up MRBS to authenticate users against an existing LDAP >> database (OpenLDAP 2.0.x). A user whose password contains a single >> quote gets "authorization refused" errors. I think this failure is >> caused by unnecessarily escaping the password (magic_quotes_gpc is On >> in php.ini), but I don't know how to fix it. Can anyone confirm this? >> Is this an MRBS bug? Is it safe to turn magic_quote_gpc off to run >> MRBS? > > > Which version are you using? I made a fix in CVS (in October 2002) to > improve the quoting of passwords for auth_ext.inc authentication... Hmm, just tried it here (with PHP 4.2.2, magic_quotes_gpc on) and a password with a single quote in it fails to work. It seems the shell command is getting \' instead of ' I'll take a little look into it... John. -- John Beranek, Senior Software Engineer Pace Micro Technology plc. (Cambridge) Tel: +44 1223 518561 645 Newmarket Road, Fax: +44 1223 518526 Cambridge, CB5 8PB, UK. Web: http://www.pace.co.uk/ |