Merge branch 'ldap-filter-eq' into 'master'

Escape wildcards when searching LDAP by group name.

Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2086.

Also see https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1644 and https://dev.gitlab.org/gitlab/omniauth-ldap/merge_requests/2.

See merge request !344

CHANGELOG-EE

@@ -3,6 +3,7 @@ v 7.9.0 (unreleased)
     `SSHKey:ssh-rsa keykeykey` and `ssh-rsa keykeykey (SSH key)` will now work
   - Check if LDAP admin group exists before querying for user membership
   - Use one custom header logo for all GitLab themes in appearance settings
+  - Escape wildcards when searching LDAP by group name.
 
 v 7.8.0
   - Improved Jira issue closing integration

lib/api/ldap.rb

@@ -6,6 +6,8 @@ module API
     resource :ldap do
       helpers do
         def get_group_list(provider, search)
+          search ||= ""
+          search = Net::LDAP::Filter.escape(search)
           Gitlab::LDAP::Adapter.new(provider).groups("#{search}*", 20)
         end
       end
@@ -17,7 +19,7 @@ module API
       #  GET /ldap/groups
       get 'groups' do
         provider = Gitlab::LDAP::Config.servers.first['provider_name']
-        @groups = Gitlab::LDAP::Adapter.new(provider).groups("#{params[:search]}*", 20)
+        @groups = get_group_list(provider, params[:search])
         present @groups, with: Entities::LdapGroup
       end
 

lib/gitlab/ldap/group.rb

@@ -4,6 +4,7 @@ module Gitlab
       attr_accessor :adapter
 
       def self.find_by_cn(cn, adapter)
+        cn = Net::LDAP::Filter.escape(cn)
         adapter.group(cn)
       end