First of all, thank you so much for the great work on UrBackup — it’s much appreciated and we truly love using it!
[Bugreport]
Product: UrBackup Server
Version: UrBackup 2.5.33
OS: Windows Server 2022
Environment: LDAP enabled
Language: German (lang: "de")
Description:
When LDAP is enabled, login fails for users (both local and LDAP) if their password contains a $ character.
Steps to Reproduce:
- Activate LDAP.
- Create two local users:
Administratorwith passwordWelcome1Failuserwith password123$
- Attempt to log in with:
- Username:
Failuser - Password:
123$
- Observe the response from the login API:
json
KopierenBearbeiten
{
"api_version": 2,
"lang": "de",
"ldap_enabled": true,
"success": false
}
- Now log in with:
- Username:
Administrator - Password:
Welcome1
- Change the password of
Failuserto just123(no$). - Try logging in again with:
- Username:
Failuser - Password:
123
→ This time, login succeeds.
Expected Behavior:
Users should be able to log in successfully regardless of special characters like $ in their passwords, even when LDAP is enabled.
Actual Behavior:
Login fails when the password contains a $, despite the user and password being valid.
Impact:
This affects both LDAP and local users, preventing logins when certain special characters are present in passwords.
Possible Cause:
It appears that the password is not properly sanitized or escaped before being processed when LDAP is enabled. The $ symbol might be misinterpreted during authentication or LDAP query execution.