Merge branch 'ldap-filter-eq' into 'master'

Escape wildcards when searching LDAP by username.

Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2086.

Also see https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/344 and https://dev.gitlab.org/gitlab/omniauth-ldap/merge_requests/2.

See merge request !1644

CHANGELOG

@@ -58,6 +58,7 @@ v 7.8.2
   - Fix import check for case sensetive namespaces
   - Increase timeout for Git-over-HTTP requests to 1 hour since large pulls/pushes can take a long time.
   - Properly handle autosave local storage exceptions.
+  - Escape wildcards when searching LDAP by username.
 
 v 7.8.1
   - Fix run of custom post receive hooks

lib/gitlab/ldap/authentication.rb

@@ -50,7 +50,7 @@ module Gitlab
       end
 
       def user_filter(login)
-        filter = Net::LDAP::Filter.eq(config.uid, login)
+        filter = Net::LDAP::Filter.equals(config.uid, login)
 
         # Apply LDAP user filter if present
         if config.user_filter.present?

lib/gitlab/ldap/person.rb

@@ -9,10 +9,12 @@ module Gitlab
       attr_accessor :entry, :provider
 
       def self.find_by_uid(uid, adapter)
+        uid = Net::LDAP::Filter.escape(uid)
         adapter.user(adapter.config.uid, uid)
       end
 
       def self.find_by_dn(dn, adapter)
+        dn = Net::LDAP::Filter.escape(dn)
         adapter.user('dn', dn)
       end