Do not escape password for LDAP connectors (#3470)

With the change introduced in #3372 Dex declines passwords that contain special characters. Since password is not passed to any kind of filters, it is safe to pass a password as is. No LDAP query injections are possible. This commit is a revert of password escaping. Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
dexidp · Apr 9, 2024 · 3705207 · 3705207
1 parent 98980ca
commit 3705207
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
@@ -473,7 +473,6 @@ func (c *ldapConnector) Login(ctx context.Context, s connector.Scopes, username,
 	)
 
 	username = ldap.EscapeFilter(username)
-	password = ldap.EscapeFilter(password)
 
 	err = c.do(ctx, func(conn *ldap.Conn) error {
 		entry, found, err := c.userEntry(conn, username)