View Issue Details

IDProjectCategoryView StatusLast Update
0020809mantisbtauthenticationpublic2018-03-02 21:52
ReporterMr.BricodageAssigned To 
PrioritynormalSeveritycrashReproducibilityalways
Status newResolutionopen 
Product Version1.2.17 
Target VersionFixed in Version 
Summary0020809: Auth with AD KO when UTF-8 chars in password
Description

Mantis send wrong password to active directory when UTF-8 char (at least french accents) are present in password value.

Steps To Reproduce

1) Set a password with utf-8 char in your AD
2) Link a Mantis to this AD
3) Try to connect => connection refused

Additional Information

Workaround on 1.2.17 :
function ldap_authenticate_by_username( $p_username, $p_password )
[...]
$c_username = ldap_escape_string( $p_username );
$t_ldap_organization = config_get( 'ldap_organization' );
[...]

changed to
[...]
$c_username = ldap_escape_string( $p_username );
$p_password = utf8_decode( $p_password );
$t_ldap_organization = config_get( 'ldap_organization' );
[...]

TagsNo tags attached.

Relationships

related to 0023390 new Unable to auth user through SOAP API if special char in LDAP realname 

Activities

Mr.Bricodage

Mr.Bricodage

2018-03-02 09:42

reporter   ~0059069

Just found that the workaround was wrong in one case :
if the password contains '€', login is impossible. That's because the password encoding is not UTF-8 but Windows-1252.
'€' char is coded 0x80 with Windows-1252, 0xE2 0x82 0xAC with UTF-8.

The workaround is now :

[...]
$c_username = ldap_escape_string( $p_username );
$p_password = iconv( "UTF-8", "Windows-1252", $p_password );
$t_ldap_organization = config_get( 'ldap_organization' );
[...]

Issue History

Date Modified Username Field Change
2016-04-14 03:02 Mr.Bricodage New Issue
2018-03-02 09:42 Mr.Bricodage Note Added: 0059069
2018-03-02 21:52 vboctor Relationship added related to 0023390