Support dash in LDAP attribute names in filters.

2026-01-23 15:38:06 -03:30 · 2017-10-08 22:21:32 -04:00 · 2017-10-08 22:21:32 -04:00 · c067788428
commit c067788428
parent f93506fe2c
2 changed files with 6 additions and 1 deletions
--- a/awx/sso/tests/unit/test_ldap.py
+++ b/awx/sso/tests/unit/test_ldap.py
@ -1,6 +1,7 @@
 import ldap

 from awx.sso.backends import LDAPSettings
+from awx.sso.validators import validate_ldap_filter


 def test_ldap_default_settings(mocker):
@ -19,3 +20,7 @@ def test_ldap_default_network_timeout(mocker):
            ldap.OPT_REFERRALS: 0,
            ldap.OPT_NETWORK_TIMEOUT: 30
        }
+
+
+def test_ldap_filter_validator():
+    validate_ldap_filter('(test-uid=%(user)s)', with_user=True)
--- a/awx/sso/validators.py
+++ b/awx/sso/validators.py
@ -47,7 +47,7 @@ def validate_ldap_filter(value, with_user=False):
        dn_value = value.replace('%(user)s', 'USER')
    else:
        dn_value = value
-    if re.match(r'^\([A-Za-z0-9]+?=[^()]+?\)$', dn_value):
+    if re.match(r'^\([A-Za-z0-9-]+?=[^()]+?\)$', dn_value):
        return
    elif re.match(r'^\([&|!]\(.*?\)\)$', dn_value):
        try: