From 3414095fea7f846ca2b9b5f164e2e63c81c51500 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik@sundellopensource.se>
Date: Sat, 14 Sep 2024 22:47:17 +0200
Subject: [PATCH] Fix escaping issue when escape_userdn and allowed_groups are
 configured

---
 ldapauthenticator/ldapauthenticator.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
index 2fc97b0..3cbd61d 100644
--- a/ldapauthenticator/ldapauthenticator.py
+++ b/ldapauthenticator/ldapauthenticator.py
@@ -365,12 +365,13 @@ async def authenticate(self, handler, data):
         is_bound = False
         for dn in bind_dn_template:
             userdn = dn.format(username=username)
-            if self.escape_userdn:
-                userdn = escape_filter_chars(userdn)
             self.log.debug(f"Attempting to bind {username} with {userdn}")
             msg = "Status of user bind {username} with {userdn} : {is_bound}"
             try:
-                conn = self.get_connection(userdn, password)
+                if self.escape_userdn:
+                    conn = self.get_connection(escape_filter_chars(userdn), password)
+                else:
+                    conn = self.get_connection(userdn, password)
             except ldap3.core.exceptions.LDAPBindError as exc:
                 is_bound = False
                 msg += "\n{exc_type}: {exc_msg}".format(