Tamil Selvan · 2mo ago

LDAP Login Failed: invalid URL escape "%E$"'

I am trying to log in through LDAP, but when the password contains special characters like %$ I get the error below:

```
invalid StartIdentityProviderIntentRequest.Ldap: embedded message failed validation | caused by: invalid LDAPCredentials.Password: value must be a valid URI | caused by: parse "Password@%E$": invalid URL escape "%E$"'
```

So here the password of the user is Password@%E$. This error happened when I tried the custom login; the Zitadel login UI is able to log in successfully.

Here is the code snippet for LdapFlowIntent:

```
const ldapIntentResponse = await startIdpFlowIntent({
  idpId: selectedDomain,
  content: {
    case: "ldap",
    value: {
      password,
      username: adIdValue,
    } as LDAPCredentials,
  },
});
```

https://github.com/zitadel/zitadel/blob/bb9e55776031232e25fb3e227c97e38a69e49aab/proto/zitadel/user/v2/idp.proto#L22

password, Is there any way to encode and send the password? I tried encodeURIComponent, but it failed miserably.

version: v2.65.0
11 Replies
Ask Inkeep · 2mo ago
Hi @Tamil Selvan, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Answer: I wasn't able to find a direct answer, here are some relevant sources:
1. Add LDAP Identity Provider (1): Describes the API body and expected attributes for LDAP authentication, but does not mention encoding or handling of special characters in passwords.
2. getting error while login using LDAP error (2): Discusses troubleshooting LDAP authentication errors, including certificate and credential issues, but does not address special character encoding in passwords.

To learn more, see the sources I considered: [1] Add LDAP Identity Provider [2] getting error while login using LDAP error

Feel free to tag @Ask Inkeep with additional questions.
Tamil Selvan (OP) · 2mo ago
@Ask Inkeep Is there any way to encode the password before starting the LDAP intent?
Ask Inkeep · 2mo ago
Thanks for the follow-up, @Tamil Selvan. I'll get back to you soon.

Answer: I wasn't able to find a direct answer, here are some relevant sources:
1. Start flow with an identity provider (1): Documents the structure and requirements for submitting LDAP credentials, including the password field, but does not mention any encoding or special handling for passwords with special characters.
2. Add LDAP Identity Provider (2): Explains the expected attributes for LDAP authentication and the format for sending credentials, but does not specify a method for encoding passwords or handling special characters.

To learn more, see the sources I considered: [1] Start flow with an identity provider [2] Add LDAP Identity Provider

Feel free to tag @Ask Inkeep with additional questions.
Tamil Selvan (OP) · 2mo ago
@Ask Inkeep Any update on the above query? Is it a bug?
Ask Inkeep · 2mo ago
Thanks for the follow-up, @Tamil Selvan. I'll get back to you soon.

Answer: I wasn't able to find a direct answer, here are some relevant sources:
1. Start flow with an identity provider (2): Documents how to submit LDAP credentials (including password) but does not specify a method for encoding or handling special characters, nor mention if this is a bug.
2. LDAP "user does not exist or too many entries returned" error -- bad filters? (4): Discusses troubleshooting LDAP configuration and filter issues but does not address password encoding or bugs related to special characters.

Feel free to tag @Ask Inkeep with additional questions.

Got it. Tagging @Rajat for additional help.
Rajat · 2mo ago
Hey @Tamil Selvan, thanks for your question. I will take a look at it and will get back to you.
Tamil Selvan (OP) · 2mo ago
Okay, thanks. When I dug further I also found that the problem was due to the validation here:
https://github.com/zitadel/zitadel/blob/bb9e55776031232e25fb3e227c97e38a69e49aab/proto/zitadel/user/v2/idp.proto#L23

(validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true}

In case it is helpful, @Rajat.
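
Added example (not part of the thread and not ZITADEL's code): a Go sketch of why the rule quoted above rejects this password, assuming `uri_ref` behaves like `net/url.Parse`, whose error text matches the one in the question. The function names and every sample password except `Password@%E$` are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"unicode/utf8"
)

// lengthOK applies the min_len: 1 / max_len: 200 part of the rule quoted in the thread.
func lengthOK(pw string) error {
	if n := utf8.RuneCountInString(pw); n < 1 || n > 200 {
		return errors.New("value length must be between 1 and 200 runes")
	}
	return nil
}

// checkWithURIRef adds the uri_ref part. Assumption: the generated validator
// behaves like net/url.Parse, whose error text is the one shown in the thread.
func checkWithURIRef(pw string) error {
	if err := lengthOK(pw); err != nil {
		return err
	}
	if _, err := url.Parse(pw); err != nil {
		return fmt.Errorf("value must be a valid URI | caused by: %w", err)
	}
	return nil
}

// rejected returns the samples that pass the length bounds but fail uri_ref.
func rejected(samples []string) []string {
	var out []string
	for _, pw := range samples {
		if lengthOK(pw) == nil && checkWithURIRef(pw) != nil {
			out = append(out, pw)
		}
	}
	return out
}

// Constructed sample passwords; only the first one comes from the thread.
var samples = []string{"Password@%E$", "100%", "50%off", "12:34pw", "Password@E", "Tr0ub4dor&3"}

func main() {
	for _, pw := range samples {
		fmt.Printf("%-16q uri_ref: %v\n", pw, checkWithURIRef(pw))
	}
	// Percent-encoding passes the check, but it is a different string from the real password.
	enc := url.QueryEscape("Password@%E$")
	fmt.Printf("%q -> %v (equal to original: %v)\n", enc, checkWithURIRef(enc), enc == "Password@%E$")
}
```

Under this assumption, any password with a `%` not followed by two hex digits, or a `:` in a position a URI parser reads as a malformed scheme, is refused before the LDAP bind is attempted, while length bounds alone would accept all of the samples.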
Tamil Selvan (OP) · 2mo ago
If there is any workaround until the issue can be fixed, @Rajat, it would be greatly helpful!
Rajat · 2mo ago
Can you raise a PR for the validation? It seems like a pretty quick, small bug.
Tamil Selvan (OP) · 2mo ago
Sure, will do @Rajat