LDAP changes between 1.01 and 1.1.5

Alan DeKok aland at deployingradius.com
Thu Apr 12 21:34:02 CEST 2007


Ryan Kramer wrote:
> I've recently moved to 1.1.5, and went from a system that worked
> perfectly with MS LDAP to one that will no longer find the user groups,
> using the identical config.  Anyone have any ideas?  The obvious one is
> that 1.1.5 throws in all kinds of escape characters, but i'm assuming
> that is output only.

  No.  It's part of the LDAP query.

  In order to avoid external users logging in with names that are valid
LDAP queries, the untrusted user input is escaped before it is passed to
the LDAP module.

  See the *rest* of the debug output for the sequence of string
expansions.  It looks like you're calling the LDAP module twice, and
using the output of the first query as part of the wuery string for the
second query.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list