3.0.4: binary LDAP attributes

Nikolai Kondrashov Nikolai.Kondrashov at redhat.com
Tue Dec 9 12:51:10 CET 2014


Hi everyone,

Our (Red Hat) QA was testing the effect of this entry in the 3.0.4 ChangeLog:

     * Modify pairparsevalue to deal with embedded NULLs better,
       and use the binary versions of attribute values in rlm_ldap.

They have noticed that binary LDAP values get truncated on embedded zero
characters (\0) in RADIUS replies, in radiusReplyMessage in particular.
I.e. for

     radiusReplyMessage:: cmVwbHkgd2l0aCBhAGI=

The response output by radtest was

     Reply-Message = 'reply with a'

The network capture also showed that RADIUS reply packets contained truncated
values. Is this intended, or was there a fix for this?


In related discoveries, it seems that backslashes get removed from LDAP
attribute values in RADIUS replies, so

     radiusReplyMessage: reply with a\0b

becomes

     Reply-Message = 'reply with a0b'

in radtest output.

Is this intended?

Thank you.

Nick
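
An added illustration, not part of the original post and not FreeRADIUS code: the truncation reported above is what any C code path produces when it takes the length of a decoded binary value from `strlen()` instead of carrying the decoded byte count. The function names (`b64_decode`, `build_reply`) and the buffer `attr` are hypothetical; the base64 value is the one from the post, encoded as a Reply-Message (type 18) attribute.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 253 /* maximum RADIUS attribute value length */
/* Value from the post (LDIF "::" marks base64): 14 bytes, NUL at offset 12. */
static const char LDAP_B64[] = "cmVwbHkgd2l0aCBhAGI=";
static uint8_t attr[ATTR_MAX + 2]; /* encoded attribute: type, length, value */

/* Decode standard base64; returns byte count, or -1 on bad input or full buffer. */
long b64_decode(const char *in, uint8_t *out, size_t outlen)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0;
    long n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p || (size_t)n >= outlen) return -1;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
        }
    }
    return n;
}

/* Build a Reply-Message (type 18) TLV from the LDAP value; returns bytes written. */
size_t build_reply(int length_aware, uint8_t *out)
{
    uint8_t val[ATTR_MAX + 1] = {0}; /* zeroed, so strlen() always terminates */
    long n = b64_decode(LDAP_B64, val, ATTR_MAX);
    if (n < 0) return 0;
    /* strlen() stops at the embedded NUL; the decoder's byte count does not. */
    size_t len = length_aware ? (size_t)n : strlen((const char *)val);
    out[0] = 18;
    out[1] = (uint8_t)(len + 2);
    memcpy(out + 2, val, len);
    return len + 2;
}

int main(void)
{
    printf("strlen-based: %zu value bytes\n", build_reply(0, attr) - 2);
    printf("length-aware: %zu value bytes\n", build_reply(1, attr) - 2);
    return 0;
}
```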

