LDAP Login Failed: invalid URL escape "%E$"'
I am trying to login through the LDAP, but when password contains special character like %$ I am getting error like below
invalid StartIdentityProviderIntentRequest.Ldap: embedded message failed validation | caused by: invalid LDAPCredentials.Password: value must be a valid URI | caused by: parse "Password@%E$": invalid URL escape "%E$"'
So, here the password of the user is Password@%E$, This error happened when tried in custom login,
Zitadel login UI able to login successfully.
Here the code snippet for LdapFlowIndent
const ldapIntentResponse = await startIdpFlowIntent({ idpId: selectedDomain, content: { case: "ldap", value: { password, username: adIdValue, } as LDAPCredentials, }, });
https://github.com/zitadel/zitadel/blob/bb9e55776031232e25fb3e227c97e38a69e49aab/proto/zitadel/user/v2/idp.proto#L22
password, Is there any way to encode and send the password, tried encodeURIComponent, but failed miserably.
version: v2.65.0
GitHub
zitadel/proto/zitadel/user/v2/idp.proto at bb9e55776031232e25fb3e22...
ZITADEL - Identity infrastructure, simplified for you. - zitadel/zitadel
3 Replies
Hi @Tamil Selvan, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. [Add LDAP Identity Provider] (1) :
Describes the API body and expected attributes for LDAP authentication, but does not mention encoding or handling of special characters in passwords.
2. [getting error while login using LDAP error] (2) :
Discusses troubleshooting LDAP authentication errors, including certificate and credential issues, but does not address special character encoding in passwords.
To learn more, see the sources I considered:
[1] Add LDAP Identity Provider
[2] getting error while login using LDAP error
Feel free to tag @Ask Inkeep with additional questions.
@Ask Inkeep Is there any way to encode the password before starting the LDAP indent?
Thanks for the follow-up, @Tamil Selvan. I'll get back to you soon.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. [Start flow with an identity provider] (1) :
Documents the structure and requirements for submitting LDAP credentials, including the password field, but does not mention any encoding or special handling for passwords with special characters.
2. [Add LDAP Identity Provider] (2) :
Explains the expected attributes for LDAP authentication and the format for sending credentials, but does not specify a method for encoding passwords or handling special characters.
To learn more, see the sources I considered:
[1] Start flow with an identity provider
[2] Add LDAP Identity Provider
Feel free to tag @Ask Inkeep with additional questions.