fix #4609: allow valid DN in ldap/ad realm config

[pve-access-control.git] / src / PVE / Auth / LDAP.pm

diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
index 4d771e7ff8adde4b3bd8a2c7168e0e8e8859d543..fc82a17ad3baa26e1c5cc1a4fd71d3af105f0c15 100755 (executable)
--- a/src/PVE/Auth/LDAP.pm
+++ b/src/PVE/Auth/LDAP.pm
@@ -10,7 +10,8 @@ use PVE::Tools;
 
 use base qw(PVE::Auth::Plugin);
 
-our $dn_regex = qr!\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+)(,\s*\w+=("[\w ,+/<>;=]+"|[^ ,+"/<>;=]+))*!;
+my  $dn_part_regex = qr!("[^"]+"|[^ ,+"/<>;=#][^,+"/<>;=]*[^ ,+"/<>;=]|[^ ,+"/<>;=#])!;
+our $dn_regex = qr!\w+=${dn_part_regex}(,\s*\w+=${dn_part_regex})*!;
 
 sub type {
     return 'ldap';