Transformation of the + symbol -- FRS 3.0.11

Mark Williams martialstudy at hotmail.com
Thu Nov 3 12:04:29 CET 2016 

The dn includes the nuid, which is significantly large number we generate randomly when 'People' records are created. Records are similar to this:

dn: nuid=007,ou=People,ou=NIS,o=vt
nuid: 007
uid: bob
sn: bob
cn: CN - bob
objectClass: nisUserAccount
objectClass: inetOrgPerson
objectClass: radiusprofile
prohibited: FALSE
userPassword:: hashedblahblahblah

dn: nuid=008,ou=Entitlements,ou=NIS,o=vt
nuid: 008
entitled: nuid=007,ou=People,ou=NIS,o=vt
entitledUID: bob
entitlement: service.wireless
objectClass: nisEntitlement

We filter on the unique 'uid' field, and then an 'entitleduid' field:

The ldap config in both versions:

ldap {
server = "localhost"
port = 11389
base_dn = "ou=NIS,o=vt"
identity = "uid=radius,ou=Local,${base_dn}"
        password = blahblahblah
update {
control:Password-With-Header += 'userPassword'
control:NT-Password := 'ntPassword'
                control:Prohibited      := 'prohibited'
}
user {
base_dn = "ou=People,${..base_dn}"
                filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
scope = 'sub'
}
group {
base_dn = "ou=Entitlements,${..base_dn}"
filter = "(objectClass=nisEntitlement)"
scope = 'sub'
name_attribute = "entitlement"
                membership_filter = "(&(entitledUID=%{Stripped-User-Name})(|(!(expirationEpoch=*))(expirationEpoch>=%l)))"
}
...
}


________________________________
From: Freeradius-Users <freeradius-users-bounces+martialstudy=hotmail.com at lists.freeradius.org> on behalf of Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Sent: Wednesday, November 02, 2016 2:33 PM
To: FreeRadius users mailing list
Subject: Re: Transformation of the + symbol -- FRS 3.0.11


> On Nov 2, 2016, at 2:26 PM, Mark Williams <martialstudy at hotmail.com> wrote:
>
> It does have a special meaning, but the method which FR is escaping the + character seems to have changed since version 3.0.4, and doesn't appear to be working (in my environment at least).

What's the DN of the object you're actually trying to resolve?

-Arran

More information about the Freeradius-Users mailing list