problem with eldap module

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

problem with eldap module

Minin Maxim-2

Hello,

 

I have a problem with eldap module.  The call  eldap:simple_bind(Handle, Dn, Password) don't work correct if the password contains sign '§'.

Is it a known issue? Have I to report this as a bug?

 

I think , the cause of the problem is maybe the encoding function in ELDAPv3 module (asn1 module from eldap lib). I have generated ELDAPv3.erl from ELDAPv3.asn1 (call asn1ct:compile("ELDAPv3.asn1") and found this:

...

encode(Type, Data) ->

try iolist_to_binary(element(1, encode_disp(Type, Data))) of

  Bytes ->

    {ok,Bytes}

......

 

this call to iolist_to_binary makes the problem by § sign and should by replace by  unicode:characters_to_binary/3

1> erlang:iolist_to_binary([167]).

<<"§">>

2> unicode:characters_to_binary([167], utf8, utf8).

<<"§"/utf8>>

3>

 

As a workaround I just convert the password string to binary bevor eldap:simple_bind/4 call, like that:

...

PaswordAsBin = unicode:characters_to_binary(Password,utf8,utf8),

BindAnswer =  eldap:simple_bind(UserHandle,DN,PaswordAsBin),

...

 

It works but according to documentation of eldap module the password have to be string:

"simple_bind(Handle, Dn, Password) -> return_value()

                OTP R15B01

Types

Handle = handle()

Dn = string()

Password = string()

Authenticate the connection using simple authentication."

 

Thanks

Maxim

 


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: problem with eldap module

Guilherme Andrade
Hello Maxim,


On Fri, 4 Oct 2019 at 13:16, Minin Maxim <[hidden email]> wrote:

Hello,

 

I have a problem with eldap module.  The call  eldap:simple_bind(Handle, Dn, Password) don't work correct if the password contains sign '§'.

Is it a known issue? Have I to report this as a bug?

 

I think , the cause of the problem is maybe the encoding function in ELDAPv3 module (asn1 module from eldap lib). I have generated ELDAPv3.erl from ELDAPv3.asn1 (call asn1ct:compile("ELDAPv3.asn1") and found this:

...

encode(Type, Data) ->

try iolist_to_binary(element(1, encode_disp(Type, Data))) of

  Bytes ->

    {ok,Bytes}

......

 

this call to iolist_to_binary makes the problem by § sign and should by replace by  unicode:characters_to_binary/3

1> erlang:iolist_to_binary([167]).

<<"§">>

2> unicode:characters_to_binary([167], utf8, utf8).

<<"§"/utf8>>

3>

 

As a workaround I just convert the password string to binary bevor eldap:simple_bind/4 call, like that:

...

PaswordAsBin = unicode:characters_to_binary(Password,utf8,utf8),

BindAnswer =  eldap:simple_bind(UserHandle,DN,PaswordAsBin),


I've encountered this issue before; I worked around it the same way you did, while also applying an extra conversion for Dialyzer's sake:

    Normalized = unicode:characters_to_nfkc_binary(Password),
    ByteList = binary_to_list(Normalized)

Which in effect produces a list of bytes that's UTF-8 encoded rather than in IEC 8859-1.

I should point out though, that normalizing it to a single Unicode form is important in this sort of thing, lest you get failed authorizations because some password contains a symbol with more than a single representation.
At the time I concluded that the KC norm was the one to be used with LDAP, but I don't recall the source.

 

...

 

It works but according to documentation of eldap module the password have to be string:

"simple_bind(Handle, Dn, Password) -> return_value()

                OTP R15B01

Types

Handle = handle()

Dn = string()

Password = string()

Authenticate the connection using simple authentication."

 

Thanks

Maxim

 

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


--
Guilherme

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions