Jean-Francois Gobin wrote:
From the preceding, preceding mail, you should have seen that %{User-Name} is equal to something like "uid=P0..., o=nrb, c=be" ... which is what I want to have checked against the LDAP.
For now, when I implement your suggestion, I just come out with "checking for dn=o=nrb,c=be, (uid=uid)", which corresponds to the truncating of my requesting DN.
I indeed found a bug in function ldap_escape_func(). However, after fixing the function I get the following line in my logs, which is still an invalid LDAP filter. rlm_ldap: performing search in ou=users,ou=radius,dc=mydomain,dc=com, with filter (uid\3dP06227\2cou\3dpeople\2co\3dnrb\2cc\3dbe) This is not a bug: user supplied strings are escaped from unsafe characters. In your case, I'd suggest to rewrite the User-Name to "P06227" with the module rlm_attr_rewrite and use the filter "(uid=%{User-Name})" in rlm_ldap. -- Nicolas Baradakis