Bug 307144

Summary: LDAP credentials saved wrongly if password cotains a colon
Product: [Applications] kdepimlibs Reporter: Jörg Schaible <joerg.schaible>
Component: kldapAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: normal CC: kdenis, marc+bugs, montel
Priority: NOR    
Version: 4.8   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Jörg Schaible 2012-09-21 08:52:39 UTC 
Using an LDAP resource for the address book with an user who has a colon in its password, the credentials are constantly mixed up, because parts of the password are used for the user's name.

Reproducible: Always

Steps to Reproduce:
1. Create an LDAP resource and connect with an user that has a colon in its password
2. Start Kmail, create a new email and start typing in the address field
3. Auto-completion tries to access the LDAP, fails and a dialog appears to enter user name and password
4. Enter correct values, check box to save values and press OK
5. Auto-completion worked, results are visible in the drop-down box
6. Press next character

Actual Results:  
LDAP dialog appears again (obviously LDAP connection failed again) and this time the dialog field for the user contains additionally parts of the password as default

Expected Results:  
It should have been possible to establish the LDAP connection again without problems

Example connecting to an Active Directory server with LDAP:
- Username: "DOMAIN\me"
- Password: "my:pwd"

The dialog will use later as wrong defaults:
- Username: "DOMAIN\me:my"
- Password: "pwd"

It looks like that some component has problems with URL encoding and/or URL interpretation. The LDAP URL should be something like:

ldaps://DOMAIN%92me:my%58password@host:port/...

However, if some component fails to URL encode the values, you get:

ldaps://DOMAIN\me:my:password@host:port/...

In this case it is now moot to guess how this URL has to be interpreted, but the wrong default values in the LDAP dialog get obvious.

Since the LDAP connection works right directly after entering the proper values, the error must be later either when the values are saved for later reuse or when the URL is built again.
Comment 1 Jörg Schaible 2012-09-21 08:56:24 UTC 
BTW: Since all configuration files and KWallet contains the plain value of the password, it has to be the code that retrieves the values from the configuration or KWallet. Otherwise the connect to the LDAP directly after entering the proper values in the dialog box again, could not happen.
Comment 2 Laurent Montel 2013-11-22 18:09:11 UTC 
Still valid ?
Comment 3 Marc Mezzarobba 2013-11-22 19:13:53 UTC 
(In reply to comment #2)
> Still valid ?

At least I'm experiencing an issue that looks very much like this with KDE 4.11.3.
Comment 4 Denis Kurz 2016-09-24 20:56:11 UTC 
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of kdepim (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.
Comment 5 Marc Mezzarobba 2016-09-25 10:12:22 UTC 
I can no longer easily test if the bug is still valid, but please consider keeping it open until someone confirms it to be solved, since it could be hard to track down again for new affected users...
Comment 6 Denis Kurz 2016-09-25 19:06:41 UTC 
Marc, there hasn't been any activity on this bug for almost three years, so it seems that not too many users have this problem. However, I will at least ask a colleague if he's able to test it, to be extra sure.
Comment 7 Denis Kurz 2017-01-07 23:38:59 UTC 
I forgot to report back that my colleague wasn't able to test this bug.

Anyway, just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.