7 Dec
2005
7 Dec
'05
5:51 a.m.
Qin Zhen wrote:
i couldn't figure out what does the change intend to do, is it to filter out '*', '\\', '()' and '=' from username? and why should it be in that way? please help me. thanks a lot in advance.
The function ldap_escape_func() filters all LDAP-specific characters from RFC 2254. This prevents LDAP injection attacks. BTW there's a known bug in this function, you can get a fixed version here. (the patch will be included in next release) http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_ldap/rl... -- Nicolas Baradakis