illegal unescaped char: ( when signing in with LDAP_SYNC_ADMIN_STATUS: 'true' and "()" character in cn
Created by: christiangierschner
Server Setup Information
- Did you test in newest Wekan?: Yes
- Did you configure root-url correctly so Wekan cards open correctly (see https://github.com/wekan/wekan/wiki/Settings)? Yes
- Operating System: Ubuntu 22.04
- Deployment Method (Snap/Docker/Sandstorm/bundle/source): Docker
- Http frontend if any (Caddy, Nginx, Apache, see config examples from Wekan GitHub wiki first): Traefik
- Node.js Version: Wekan v7.22
- MongoDB Version: 7.0.4
- What webbrowser version are you using (Wekan should work on all modern browsers that support Javascript)? FF
Problem description
When signing in with a normal user account, everything works fine. When signing in with an admin user account, docker compose logs show this error:
wekan_1 | 2023-12-05T15:37:43.355149249Z [ERROR] Error: illegal unescaped char: (
Reproduction Steps
- normal user cn: user
- admin user cn: user (admin)
- normal user sAMAccountName: user
- admin user sAMAccountName: user-admin
Each time between tries: docker compose down -v
Renaming the admin user cn works: user-admin, but with () it does not.
If I sign in with my admin account in a vanilla setup without any configuration, I can sign in. In my setup, where I want users from an admin group to be admin on first login, the error occurs.
We need a fix with escaping () in cn or dn when signing in with an admin group.
thanks so much
greets
Christian
Logs
wekan_1 | 2023-12-05T15:46:20.017689492Z [INFO] Init LDAP login "user"
wekan_1 | 2023-12-05T15:46:20.076536727Z {"line":"92","file":"ldap.js","message":"Init setup","time":{"$date":1701791180076},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.077019284Z {"line":"130","file":"ldap.js","message":"Connecting ldaps://domain:636","time":{"$date":1701791180076},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.196572589Z {"line":"182","file":"ldap.js","message":"LDAP connected","time":{"$date":1701791180196},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.197221405Z {"line":"259","file":"ldap.js","message":"Binding UserDN user@domain","time":{"$date":1701791180197},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.202345911Z {"line":"282","file":"ldap.js","message":"Searching user user","time":{"$date":1701791180202},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.212428003Z {"line":"569","file":"ldap.js","message":"Search result count 1","time":{"$date":1701791180212},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.237744405Z {"line":"569","file":"ldap.js","message":"Search result count 35","time":{"$date":1701791180237},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.241316926Z {"line":"569","file":"ldap.js","message":"Search result count 1","time":{"$date":1701791180241},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.241780578Z {"line":"576","file":"ldap.js","message":"Authenticating CN=Name\\, givenName,DC=domain","time":{"$date":1701791180241},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.246287616Z {"line":"583","file":"ldap.js","message":"Authenticated CN=Name\\, givenName,DC=domain","time":{"$date":1701791180246},"level":"info"}
wekan_1 | 2023-12-05T15:46:20.246749666Z [DEBUG] Identifying user with: sAMAccountName
wekan_1 | 2023-12-05T15:46:20.246823312Z [INFO] Querying user
wekan_1 | 2023-12-05T15:46:20.246836326Z [DEBUG] userQuery {
wekan_1 | 2023-12-05T15:46:20.246839282Z "services.ldap.id": "474945525343484348"
wekan_1 | 2023-12-05T15:46:20.246841736Z }
wekan_1 | 2023-12-05T15:46:20.249043330Z [DEBUG] userQuery {
wekan_1 | 2023-12-05T15:46:20.249053197Z "username": "user"
wekan_1 | 2023-12-05T15:46:20.249056433Z }
wekan_1 | 2023-12-05T15:46:20.250387207Z [INFO] User does not exist, creating "user"
wekan_1 | 2023-12-05T15:46:20.250708204Z [DEBUG] Identifying user with: sAMAccountName
wekan_1 | 2023-12-05T15:46:20.250930327Z [DEBUG] Identifying user with: sAMAccountName
wekan_1 | 2023-12-05T15:46:20.251126932Z [DEBUG] New user data {
wekan_1 | 2023-12-05T15:46:20.251143003Z "username": "user",
wekan_1 | 2023-12-05T15:46:20.251147431Z "email": "user@domain"
wekan_1 | 2023-12-05T15:46:20.251150507Z }
wekan_1 | 2023-12-05T15:46:20.333697338Z [INFO] Syncing user data
wekan_1 | 2023-12-05T15:46:20.333722233Z [DEBUG] user {
wekan_1 | 2023-12-05T15:46:20.333725970Z "email": "user@domain",
wekan_1 | 2023-12-05T15:46:20.333729437Z "_id": "XXzdLRDJFRcrjkwBk"
wekan_1 | 2023-12-05T15:46:20.333732633Z }
wekan_1 | 2023-12-05T15:46:20.334062537Z [DEBUG] fullname= "Name, givenName"
wekan_1 | 2023-12-05T15:46:20.334073938Z [INFO] Syncing user fullname: "Name, givenName"
wekan_1 | 2023-12-05T15:46:20.337760191Z [DEBUG] Updating admin status
wekan_1 | 2023-12-05T15:46:20.374997313Z {"line":"569","file":"ldap.js","message":"Search result count 35","time":{"$date":1701791180374},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.851652255Z [INFO] Init LDAP login "user-admin"
wekan_1 | 2023-12-05T15:46:26.852359710Z {"line":"92","file":"ldap.js","message":"Init setup","time":{"$date":1701791186852},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.852827059Z {"line":"130","file":"ldap.js","message":"Connecting ldaps://med.tu-dresden.de:636","time":{"$date":1701791186852},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.973434734Z {"line":"182","file":"ldap.js","message":"LDAP connected","time":{"$date":1701791186973},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.973899417Z {"line":"259","file":"ldap.js","message":"Binding UserDN user@domain","time":{"$date":1701791186973},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.976373887Z {"line":"282","file":"ldap.js","message":"Searching user user-admin","time":{"$date":1701791186976},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.979941259Z {"line":"569","file":"ldap.js","message":"Search result count 1","time":{"$date":1701791186979},"level":"info"}
wekan_1 | 2023-12-05T15:46:26.980625842Z [ERROR] Error: illegal unescaped char: (
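When a DN is placed inside an LDAP search filter, RFC 4515 requires `(`, `)`, `*`, `\` and NUL in the value to be written as a backslash plus two hex digits. The following is an added example, not part of the original report and not Wekan's code; the group-membership filter shape and the helper names `memberFilter` and `firstUnescapedParen` are assumptions for illustration.

```javascript
// Added example: RFC 4515 escaping for a value placed inside an LDAP search filter.
// The filter shape and helper names are assumptions, not Wekan's code.

// Escape one assertion value: NUL ( ) * \ become a backslash plus two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Hypothetical helper: group-membership filter for a user DN.
function memberFilter(userDn, escape = true) {
  const v = escape ? escapeFilterValue(userDn) : userDn;
  return `(&(objectClass=group)(member=${v}))`;
}

// Return the index of the first '(' that sits inside an assertion value
// (after '=' and before the closing ')'), or -1 if there is none.
function firstUnescapedParen(filter) {
  let inValue = false;
  for (let i = 0; i < filter.length; i++) {
    const ch = filter[i];
    if (!inValue) {
      if (ch === '=') inValue = true;
    } else if (ch === '\\') {
      i += 2;               // skip the two hex digits of an escape
    } else if (ch === ')') {
      inValue = false;
    } else if (ch === '(') {
      return i;
    }
  }
  return -1;
}

// Constructed DNs modelled on the report: parentheses in the cn, and a DN
// that already carries a DN-level backslash escape.
const adminDn = 'CN=user (admin),DC=domain';
const commaDn = 'CN=Name\\, givenName,DC=domain';

console.log(memberFilter(adminDn, false)); // raw: '(' lands inside the value
console.log(memberFilter(adminDn));        // escaped: \28 and \29
console.log(memberFilter(commaDn));        // DN backslash becomes \5c
```

The same escaping applies to any directory-supplied or user-supplied string interpolated into a filter, which also closes off LDAP filter injection through those values.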