mirror of
https://github.com/scylladb/scylladb.git
synced 2026-05-23 00:02:37 +00:00
ecc3bcabd4
Add tests that reproduce LDAP filter injection via unescaped {USER}
substitution (SCYLLADB-1309). A wildcard username ('*') matches
every group entry, and a parenthesis payload (")(uid=*") breaks the
search filter.
Extend the LDAP test fixture (ldap_server.py, slapd.conf) with
memberUid attributes and the NIS schema so the new tests can
exercise direct filter-value substitution.
19 lines
510 B
Plaintext
19 lines
510 B
Plaintext
# before the first database definition
|
|
database config
|
|
# NOTE: the suffix is hardcoded as cn=config and
|
|
# MUST not have a suffix directive
|
|
# normal rules apply - rootdn can be anything you want
|
|
# but MUST be under cn=config
|
|
rootdn "cn=admin,cn=config"
|
|
|
|
pidfile ./pidfile.pid
|
|
include /etc/openldap/schema/core.schema
|
|
include /etc/openldap/schema/cosine.schema
|
|
include /etc/openldap/schema/nis.schema
|
|
|
|
database mdb
|
|
suffix "dc=example,dc=com"
|
|
rootdn "cn=root,dc=example,dc=com"
|
|
rootpw secret
|
|
index objectClass eq
|