Nelson Vale wrote:
The user's DN is OK now (no extra characters), but the ldap authentication still doesn't work. I think the problem is that double quotes must be escaped before sent to AD.
OK.
In my fix in rlm_ldap (test purpose only), I did just that before assigning the vp_user_dn->vp_strvalue value to user_dn in ldap_authenticate() and it works OK.
OK. The issue is that the value of the attribute is used *directly*. It's really the responsibility of the RADIUS server to pass the correct data to the LDAP query. i.e. rather than: perform_search(... vp_user_dn->vp_strvalue ...) it should do: char buffer[1024]; vp_print(buffer, sizeof(buffer), vp_user_dn->vp_strvalue); perform_search(... buffer ..) That is what your fix seems to do, and is the right thing to do. Alan DeKok.