On Παρ, Σεπ 07 2018 at 02:39:30 μμ, Alan DeKok <aland@deployingradius.com> wrote: Hi Alan,
Yes. That's the normal rule for double-quoted strings.
understood everything about the backslash fixes.
Cleartext-Password is for the server. If you set it in radclient, it will be ignored.
Yes, silly from my part, I got confused.
Independent of which radclient is used, the server has the same behavior demonstrated in the following debug (using radmin in production, excellent feature by the way)
The server works, and will accept backslashes in passwords.
(13592044) Fri Sep 7 10:22:40 2018: WARNING: ldap_1: Failed parsing value "test123\\" for attribute Cleartext-Password: Invalid escape at end of string
Yes, the same rules for double quoted strings apply here.
In the ldap entry of the user, the password is stored with a (single) ending '\'.
Here is the relevant config of the ldap module in my case (again sensitive information stripped)
Please don't post module config to the list. We don't need it.
Sorry, I have missed this page.
Is this a bug (looks like to me), feature, or am I missing something?
It's *fixing* a bug.
:)
Could I do something with unlang, or in the ldap module config in this case?
Map the LDAP userPassword attribute to a binary attribute, e.g. Tmp-Octets-0. Then, copy that to Cleartext-Password:
ldap if (control:Tmp-Octets-0) { update control { Cleartext-Password := &control:Tmp-Octets-0 } }
A big thanks for your clarifications and solution proposal Alan. You are doing an excellent work for many years along with the other developers of the project and you provide invaluable help. I am sure your solution will work but in any case I need to test it and deploy it. Best regards, Kostas -- Kostas Zorbadelos http://gr.linkedin.com/in/kzorba