From ca6cbb95cc8af4216a457f5940e1d5bf756723c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A1=D0=B0=D1=88=D0=B0=20=D0=98=D0=B2=D0=B0=D0=BD=D0=BE?= =?UTF-8?q?=D0=B2?=
Date: Wed, 21 Dec 2016 11:43:22 +0300
Subject: [PATCH] #3791 update LDAP username check (#3906)
---
 modules/auth/ldap/ldap.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 55364bfcc..cb50fceb7 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -59,8 +59,8 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
 func (ls *Source) sanitizedUserDN(username string) (string, bool) {
 // See http://tools.ietf.org/search/rfc4514: "special characters"
- badCharacters := "\x00()*\\,='\"#+;<> "
- if strings.ContainsAny(username, badCharacters) {
+ badCharacters := "\x00()*\\,='\"#+;<>"
+ if strings.ContainsAny(username, badCharacters) || strings.HasPrefix(username, " ") || strings.HasSuffix(username, " ") {
 log.Debug("'%s' contains invalid DN characters. Aborting.", username)
 return "", false
 }
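Review bot: The widened rule on the new `if` line has no comment explaining it and, as far as this patch shows, no test: interior spaces in `username` now pass into the DN while only a leading or trailing space is rejected, which follows the escaping rule in RFC 4514 but relaxes a filter that runs on pre-authentication input. I would state the rule next to the check, e.g. `// RFC 4514: a space needs escaping only at the start or end of a value, so interior spaces are allowed`, and add a table-driven test covering a leading space, a trailing space, an interior space and a value containing `,` or `=`. The unchanged `log.Debug` line below still says "invalid DN characters" and formats the unauthenticated `username` with `'%s'`; assuming it takes fmt verbs, as the `%s` suggests, `%q` would keep control characters in the name from breaking up the log line. sanitizedUserDN's body continues past the end of the hunk, so how the value is spliced into the DN is not visible here.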