On Sep 12, 2018, at 2:42 AM, Kostas Zorbadelos <kzorba@otenet.gr> wrote:
I think a new thread is better for this discussion. In a previous thread (http://lists.freeradius.org/pipermail/freeradius-users/2018-September/092606...) I raised the issue of failing to get a string as is from an LDAP backend. The string represents the clear text password and I would like to take it 'as is' with no escaping of any kind.
I got the explanation about the shell rules that are now implemented in freeradius 3 for strings, so as to get a single uniform approach to freeradius 3 and fix the inconsistencies of string handling in freeradius 2.
Yes. Plus, we have no idea what's in the back-end database. Are the strings "raw" and should be used as-is? Or do the strings contain escaped characters? It's impossible to know in advance. People want to use both types of data. We try to have the server make the best choice, but it's just a guess.
Now, we found a problem for strings beginning with '0x' :)
Yes. Some people want to be able to assign binary data to strings, too. So that syntax is supported. The question again is when and where it should be supported...
Is there a way to overcome this?
Come up with a solution that makes sense, works, and is simple for people to use.
Generally speaking a solution is needed to get a string 'as is' out of an LDAP backend (most probably this will affect other backends too) without escaping/unescaping of any kind.
There's a lot more than that involved, unfortunately. Alan DeKok.