From 59a32a148f51c4768c9068f2f7f11b05804a649b Mon Sep 17 00:00:00 2001
From: Matt Scott <matt@azorian.solutions>
Date: Fri, 8 Dec 2023 06:17:34 -0500
Subject: [PATCH] Corrected a mistake with the new LDAP search filter cleansing
 that broke LDAP altogether. Moved the filtering to only target the user DN
 with Active Directory LDAP connections.

---
 powerdnsadmin/models/user.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 02e4af0..42f894f 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -146,8 +146,6 @@ class User(db.Model):
     def ldap_search(self, searchFilter, baseDN, retrieveAttributes=None):
         searchScope = ldap.SCOPE_SUBTREE
 
-        searchFilter = self.escape_filter_chars(searchFilter)
-
         try:
             conn = self.ldap_init_conn()
             if Setting().get('ldap_type') == 'ad':
@@ -292,7 +290,7 @@ class User(db.Model):
                                     Operator=LDAP_OPERATOR_GROUP,
                                     User=LDAP_USER_GROUP,
                                 )
-                                user_dn = ldap_result[0][0][0]
+                                user_dn = self.escape_filter_chars(ldap_result[0][0][0])
                                 sf_groups = ""
 
                                 for group in ldap_group_security_roles.values():