3.0.17 password ending in '\' problem, LDAP backend [bug?]

Kostas Zorbadelos kzorba at otenet.gr
Fri Sep 7 14:29:06 CEST 2018


On Παρ, Σεπ 07 2018 at 02:39:30 μμ, Alan DeKok <aland at deployingradius.com> wrote:

Hi Alan,

>
>   Yes.  That's the normal rule for double-quoted strings.
>

understood everything about the backslash fixes.

>   Cleartext-Password is for the server.  If you set it in radclient,
>   it will be ignored. 
>

Yes, silly from my part, I got confused.

>> Independent of which radclient is used, the server has the same behavior
>> demonstrated in the following debug (using radmin in production,
>> excellent feature by the way)
>
>   The server works, and will accept backslashes in passwords.
>
>> (13592044) Fri Sep 7 10:22:40 2018: WARNING: ldap_1: Failed parsing
>> value "test123\\" for attribute Cleartext-Password: Invalid escape
>> at end of string
>
>   Yes, the same rules for double quoted strings apply here.
>
>> In the ldap entry of the user, the password is stored with a (single) ending
>> '\'.
>> 
>> Here is the relevant config of the ldap module in my case (again
>> sensitive information stripped)
>
>   Please don't post module config to the list.  We don't need it.
>
>   See: http://wiki.freeadius.org/list-help
>

Sorry, I have missed this page.

>> Is this a bug (looks like to me), feature, or am I missing something?
>
>   It's *fixing* a bug.
>

:)

>> Could I do something with unlang, or in the ldap module config in this
>> case?
>
>   Map the LDAP userPassword attribute to a binary attribute, e.g. Tmp-Octets-0.  Then, copy that to Cleartext-Password:
>
> 	ldap
> 	if (control:Tmp-Octets-0) {
> 		update control {
> 			Cleartext-Password := &control:Tmp-Octets-0
> 		}
> 	}

A big thanks for your clarifications and solution proposal Alan. You are
doing an excellent work for many years along with the other developers
of the project and you provide invaluable help.

I am sure your solution will work but in any case I need to test it and 
deploy it.

Best regards,
Kostas

-- 
Kostas Zorbadelos	http://gr.linkedin.com/in/kzorba		



More information about the Freeradius-Users mailing list