From 408069b54f9e6b7964c0541529b6b9fdbda124c7 Mon Sep 17 00:00:00 2001
From: Lukas Oyen <oyen@univention.de>
Date: Thu, 13 Apr 2017 13:59:55 +0200
Subject: [PATCH] Bug #xxx: fix LDAP filter escaping in s4c

---
 .../modules/univention/s4connector/s4/__init__.py                      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
index dd08fa7..b7854ca 100644
--- a/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/__init__.py
@@ -1448,7 +1448,8 @@ class s4(univention.s4connector.ucs):
 		'''
 		_d = ud.function('ldap.set_primary_group_to_ucs_user')
 
-		s4_group_rid_resultlist = self.__search_s4(base=self.lo_s4.base, scope=ldap.SCOPE_SUBTREE, filter='samaccountname=%s' % compatible_modstring(object_ucs['username']), attrlist=['dn', 'primaryGroupID'])
+		rid_filter = format_escaped("(samaccountname={0!e})", compatible_modstring(object_ucs['username']))
+		s4_group_rid_resultlist = self.__search_s4(base=self.lo_s4.base, scope=ldap.SCOPE_SUBTREE, filter=rid_filter, attrlist=['dn', 'primaryGroupID'])
 
 		if not s4_group_rid_resultlist[0][0] in ['None', '', None]:
 
-- 
2.7.4