First of all, thank you so much for the great work on UrBackup — it’s much appreciated and we truly love using it!
[Bugreport]
Product: UrBackup Server
Version: UrBackup 2.5.33
OS: Windows Server 2022
Environment: LDAP enabled
Language: German (lang: "de"
)
Description:
When LDAP is enabled, login fails for users (both local and LDAP) if their password contains a $
character.
Steps to Reproduce:
- Activate LDAP.
- Create two local users:
Administrator
with passwordWelcome1
Failuser
with password123$
- Attempt to log in with:
- Username:
Failuser
- Password:
123$
- Observe the response from the login API:
json
KopierenBearbeiten
{
"api_version": 2,
"lang": "de",
"ldap_enabled": true,
"success": false
}
- Now log in with:
- Username:
Administrator
- Password:
Welcome1
- Change the password of
Failuser
to just123
(no$
). - Try logging in again with:
- Username:
Failuser
- Password:
123
→ This time, login succeeds.
Expected Behavior:
Users should be able to log in successfully regardless of special characters like $
in their passwords, even when LDAP is enabled.
Actual Behavior:
Login fails when the password contains a $
, despite the user and password being valid.
Impact:
This affects both LDAP and local users, preventing logins when certain special characters are present in passwords.
Possible Cause:
It appears that the password is not properly sanitized or escaped before being processed when LDAP is enabled. The $
symbol might be misinterpreted during authentication or LDAP query execution.