use strict;
use warnings;
-our $VERSION = '1.013';
+our $VERSION = '1.014';
use Catalyst::Authentication::Store::LDAP::User;
use Net::LDAP;
$self->_ldap_bind_anon($ldap);
}
else {
- if ($bindpw) {
+ # Don't fall back to unauthenticated bind when authenticating
+ if ($bindpw or $forauth eq 'forauth') {
my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
if ( $mesg->is_error ) {
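Review bot: The new condition `if ($bindpw or $forauth eq 'forauth')` still passes an empty or undefined `$bindpw` to `$ldap->bind( $binddn, 'password' => $bindpw )` during authentication, so the result depends on how the directory server treats a simple bind with a DN and no password (RFC 4513 calls this an unauthenticated bind, and some servers can be configured to accept it). It would be safer to fail locally before calling bind, with a guard such as `if ( $forauth eq 'forauth' and ( !defined $bindpw or $bindpw eq '' ) )` that takes the same failure path as the `is_error` branch. Separately, if `$forauth` can be undef at this point, the `eq` comparison warns under `use warnings`. Its initialisation and the rest of the function are outside the hunk, so both points need checking against the full sub.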
sub lookup_user {
my ( $self, $id ) = @_;
- # No sneaking in wildcards!
- if ( $id =~ /\*/ ) {
- Catalyst::Exception->throw("ID $id contains wildcards!");
- }
-
# Trim trailing space or we confuse ourselves
$id =~ s/\s+$//;
my $ldap = $self->ldap_bind;
my $self = shift;
my $filter = shift;
my $replace = shift;
+ $replace =~ s/([*()\\\x{0}])/sprintf '\\%02x', ord($1)/ge;
$filter =~ s/\%s/$replace/g;
return $filter;
}
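Review bot: The added `$replace =~ s/([*()\\\x{0}])/sprintf '\\%02x', ord($1)/ge;` line has no comment saying that it is RFC 4515 filter-value escaping, or that it now stands in for the wildcard rejection removed from `lookup_user`. I would add `# Escape LDAP filter metacharacters (RFC 4515) so $replace is only ever matched literally` above it. Since Net::LDAP is already a dependency, the hand-written character class could be replaced with the library helper, `$replace = Net::LDAP::Util::escape_filter_value($replace);`, after a `use Net::LDAP::Util;`. Removing the wildcard check is only safe if every user-supplied value reaches a filter through this sub; its header and callers are outside the hunk, so that should be confirmed in the full file.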