Hi All, I'm new to Radius, now encountered problems with ldap_escape_func in rlm_ldap. please help me since it's really a bit urgent. the comments regarding to this function is 'Add an ldap_escape_func. Escape the * character from the filter so that we can avoid the trivial DoS of username=*'. if i was not wrong, this function intends to filter out the * which follows the username, i.e, if username is 'userid*' in access-request packet, ldapsearch is only based on 'userid'. but what's the purpose for doing this and is it secure? or did i misunderstand the comments? the lastest version freeradius-1.0.5 has a slightly different version for this piece of code, ***************************************************************** freeradius-1.0.5 if (strchr("*=\\,()", *in)) { static const char *hex = "0123456789abcdef"; if (outlen <= 3) break; *(out++) = '\\'; *(out++) = hex[((*in) >> 4) & 0x0f]; *(out++) = hex[(*in) & 0x0f]; outlen -= 3; continue; } ************************************************************** freeradius-1.0.4 and previous if (strchr("*", *in)) { in++; outlen--; continue; } i couldn't figure out what does the change intend to do, is it to filter out '*', '\\', '()' and '=' from username? and why should it be in that way? please help me. thanks a lot in advance.