diff --git a/plsc_ordered.py b/plsc_ordered.py
index 3c38e64..89368ba 100755
--- a/plsc_ordered.py
+++ b/plsc_ordered.py
@@ -110,7 +110,7 @@ def create(src, dst):
 admin_dn = 'cn=admin,' + service_dn
 # find existing services
- service_dns = dst.find(dst.basedn, f"(&(objectClass=dcObject)(dc={service}))")
+ service_dns = dst.find(dst.basedn, f"(&(objectClass=dcObject)(dc={util.escape_filter_chars(service)}))")
 # Pivotal 106: If Service does not (yet) exists in LDAP and is not enable for LDAP
 # in SBS, do not create it at all. If it does exists in LDAP, that means that
diff --git a/util.py b/util.py
index cedd15d..ea038ea 100644
--- a/util.py
+++ b/util.py
@@ -1,6 +1,9 @@
 import json
 import ldap
+SPECIAL_DN_CHARACTERS = "\\,+<>;\"= "
+SPECIAL_FILTER_CHARACTERS = "\\*()"
+
 def make_secret(password):
 import passlib.hash
@@ -9,16 +12,14 @@ def make_secret(password):
 def unescape_dn_chars(s):
- s = s.replace(r'\5C', '\\')
- s = s.replace(r'\2C', r',')
- s = s.replace(r'\23', r'#')
- s = s.replace(r'\2B', r'+')
- s = s.replace(r'\3C', r'<')
- s = s.replace(r'\3E', r'>')
- s = s.replace(r'\3B', r';')
- s = s.replace(r'\22', r'"')
- s = s.replace(r'\3D', r'=')
- s = s.replace(r'\00', '\x00')
+ for c in SPECIAL_DN_CHARACTERS:
+ s = s.replace("\\" + hex(ord(c))[2:].upper(), c)
+ return s
+
+
+def escape_filter_chars(s):
+ for c in SPECIAL_FILTER_CHARACTERS:
+ s = s.replace(c, "\\" + hex(ord(c))[2:].upper())
 return s
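Review bot: Only the search filter is escaped on the changed line, while `admin_dn = 'cn=admin,' + service_dn` at the top of the hunk shows DNs being assembled by plain concatenation. If `service` also ends up inside `service_dn` (that assignment is above the hunk, so this is an assumption to confirm), it needs DN escaping there rather than filter escaping; python-ldap provides `ldap.dn.escape_dn_chars` for that context. A short comment on the changed line, such as `# service is externally supplied; escape it before interpolating into the filter`, would record why the call is there. `create` starts and ends outside this hunk.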
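Review bot: `SPECIAL_DN_CHARACTERS` does not cover what the replaced `unescape_dn_chars` table decoded: `#` (`\23`) and NUL (`\00`) are missing and space is new, so a DN carrying `\23` or `\00` now comes back still escaped. If that narrowing is intended, say so on the constant, e.g. `# characters unescape_dn_chars decodes; '#' and NUL are deliberately left escaped`; otherwise add `#` to the string. NUL cannot simply be appended, because `hex(ord(c))[2:]` yields `0` rather than `00`; the code would need a zero-padded form such as `format(ord(c), "02X")`.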
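Review bot: `escape_filter_chars` leaves NUL unescaped, which RFC 4515 also requires to be written as `\00`, and it re-implements a helper python-ldap already ships. Since `util.py` already imports `ldap`, the body could be `return ldap.filter.escape_filter_chars(s)` with `import ldap.filter` added at the top. Separately, `unescape_dn_chars` decodes `\5C` first because backslash leads `SPECIAL_DN_CHARACTERS`, so the backslash it produces is rescanned by later iterations and an input such as `\5C2C` ends up as `,` instead of `\2C`. The removed code had the same ordering, so this is carried over rather than new. A single pass over the string avoids it, as sketched below (it needs `re` imported).

```python
_DN_ESCAPES = {format(ord(c), "02X"): c for c in SPECIAL_DN_CHARACTERS}
_DN_ESCAPE_RE = re.compile(r"\\([0-9A-F]{2})")


def unescape_dn_chars(s):
    # One left-to-right pass: the backslash produced by \5C is never
    # rescanned as the start of another escape. Pairs outside the
    # special set are left exactly as they were.
    return _DN_ESCAPE_RE.sub(
        lambda m: _DN_ESCAPES.get(m.group(1), m.group(0)), s)

# … unchanged: escape_filter_chars …
```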