LDAP changes between 1.01 and 1.1.5
Alan DeKok
aland at deployingradius.com
Fri Apr 13 02:42:20 CEST 2007
Ryan Kramer wrote:
> Apparently something in the ldap_escape_func is broken when talking to
> Microsoft AD.
The code does not distinguish between Microsoft AD and other LDAP servers.
> I replaced the code of that function with the much more
> lenient code of the 1.0.1 ldap_escape_func, and it works great with MS
> LDAP now!
I'm curious to know what your queries are, and if you're doing the
double queries I suspect. I think that the problem can better be solved
by understanding it, rather than by removing the restrictions that
prevent people from attacking your LDAP server.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list