X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FBackend.pm;h=8e69c59dc1f74fc118ebdab1a81a076f8d0f2ebf;hb=18d41a8f2fa6fcc3957535176d9cbc4715bd3f84;hp=a0be77a8212078e37df7b3f7d6f973a86cb97526;hpb=4d784742b52f19a6975c4c3b72c51134e7725f8e;p=catagits%2FCatalyst-Authentication-Store-LDAP.git
diff --git a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
index a0be77a..8e69c59 100644
--- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
@@ -72,7 +72,7 @@ use base qw( Class::Accessor::Fast );
 use strict;
 use warnings;
-our $VERSION = '1.013';
+our $VERSION = '1.014';
 use Catalyst::Authentication::Store::LDAP::User;
 use Net::LDAP;
@@ -226,7 +226,8 @@ sub ldap_bind {
 $self->_ldap_bind_anon($ldap);
 } else {
- if ($bindpw) {
+ # Don't fall back to unauthenticated bind when authenticating
+ if ($bindpw or $forauth eq 'forauth') {
 my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
 if ( $mesg->is_error ) {
@@ -281,11 +282,6 @@ This method is usually only called by find_user().
 sub lookup_user {
 my ( $self, $id ) = @_;
- # No sneaking in wildcards!
- if ( $id =~ /\*/ ) {
- Catalyst::Exception->throw("ID $id contains wildcards!");
- }
- # Trim trailing space or we confuse ourselves
 $id =~ s/\s+$//;
 my $ldap = $self->ldap_bind;
@@ -418,6 +414,7 @@ sub _replace_filter {
 my $self = shift;
 my $filter = shift;
 my $replace = shift;
+ $replace =~ s/([*()\\\x{0}])/sprintf '\\%02x', ord($1)/ge;
 $filter =~ s/\%s/$replace/g;
 return $filter;
 }
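Review bot: In ldap_bind, the new branch still calls `$ldap->bind( $binddn, 'password' => $bindpw )` with an empty or undefined password when authenticating, and RFC 4513 lets a server treat a simple bind with a DN and a zero-length password as an unauthenticated bind and answer with success. Whether that is rejected then depends on how the directory is configured, so the authentication case should fail before the bind call whenever `defined $bindpw and length $bindpw` is false, returning whatever the `is_error` branch returns for authentication binds (that branch continues outside the hunk). Separately, `$forauth eq 'forauth'` warns under `use warnings` when `$forauth` is undefined, which looks possible because lookup_user calls `$self->ldap_bind` with no arguments; `if ($bindpw or (defined $forauth and $forauth eq 'forauth')) {` avoids that.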
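Review bot: In _replace_filter, the hand-written substitution escapes only `*`, `(`, `)`, `\` and NUL, while Net::LDAP::Util already exports `escape_filter_value`, which covers these and other non-printable bytes; `$replace = escape_filter_value($replace);` with `use Net::LDAP::Util qw(escape_filter_value);` would be easier to audit. Because the same commit drops the wildcard rejection in lookup_user, this line appears to become the only thing that keeps a user-supplied id from changing the search filter, so it deserves a comment such as `# Escape RFC 4515 filter metacharacters so the value is matched literally` and a regression test with ids containing each escaped character. The substitution also warns if `$replace` is undefined; whether any caller can pass undef is not visible in this hunk.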