[pve-devel] [PATCH v2 access-control] fix #5136: ldap: Decode non-ASCII characters in attributes

[Thomas Lamprecht]

Am 09/01/2024 um 14:35 schrieb Filip Schauer:
> UTF8 decode non-ASCII characters when syncing user attributes, since
> those will be encoded later on. Without this fix the attributes were
> encoded twice, resulting in cases such as 'ü' turning into 'ü'.
> 
> Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
> ---
> Changes since v1:
> * Do not try to URI unescape the user attributes, since we do that later
>   in PVE::AccessControl::parse_user_config anyways.
> 
>  src/PVE/Auth/LDAP.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
> index b958f2b..06177db 100755
> --- a/src/PVE/Auth/LDAP.pm
> +++ b/src/PVE/Auth/LDAP.pm
> @@ -301,7 +301,7 @@ sub get_users {
>  
>  	foreach my $attr (keys %$user_attributes) {
>  	    if (my $ours = $ldap_attribute_map->{$attr}) {
> -		$ret->{$username}->{$ours} = $user_attributes->{$attr}->[0];
> +		$ret->{$username}->{$ours} = Encode::decode('utf8', $user_attributes->{$attr}->[0]);
>  	    }
>  	}
>  

this would need a rebase, oh, and would be great if the original testers
could reconfirm the v2 approach of doing utf-8 decoding only.