From 9efc29f2dc16b139ed487e2351465c8b4c75baec Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 6 Mar 2018 10:11:50 +0100
Subject: [PATCH] ldap, cleanse local username on import, closes https://github.com/opnsense/core/issues/2242
---
 src/www/system_usermanager_import_ldap.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/www/system_usermanager_import_ldap.php b/src/www/system_usermanager_import_ldap.php
index 22ec839ad..1f2ef6207 100644
--- a/src/www/system_usermanager_import_ldap.php
+++ b/src/www/system_usermanager_import_ldap.php
@@ -99,7 +99,11 @@ if ($authcfg['type'] == 'ldap') {
 foreach ($result as $ldap_user ) {
 foreach ($_POST['user_dn'] as $userDN) {
 if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) {
- add_local_user($ldap_user['name'] , $ldap_user['dn'], $ldap_user['fullname']);
+ // strip domain if it exists and cleanse ldap username to make sure it is a valid one for
+ // our system.
+ $username = explode('@', $ldap_user['name'])[0];
+ $username = substr(preg_replace("/[^a-zA-Z0-9\.\-_]/", "", $username),0 ,32);
+ add_local_user($username , $ldap_user['dn'], $ldap_user['fullname']);
 $update_count++;
 }
 }
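Review bot: The cleansed `$username` is passed to `add_local_user()` without checking that anything is left of it or that it is still unique. A name made up only of characters outside `[a-zA-Z0-9.\-_]`, or one that starts with `@`, becomes an empty string, and two different directory entries (same local part in different domains, or names that differ only in stripped characters or beyond the 32nd character) end up with the same local name; the only duplicate check visible here is on the DN (`!in_array($ldap_user['dn'], $confDNs)`). I would add `if ($username === '') { continue; }` after the `substr()` line and, unless `add_local_user()` already refuses it (that function is not shown in the hunk), skip and report any entry whose cleansed name matches an existing local user, so an import cannot silently attach to another account. The filter also lets a name begin with `-` or `.`, which is worth rejecting if these names are later handed to system tools. The enclosing `if ($authcfg['type'] == 'ldap')` block starts and ends outside the hunk.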