On 11/19/14, 3:57 PM, "Arran Cudbard-Bell" <a.cudbardb@freeradius.org> wrote:
Alan and I just discussed this offline, and we think we've determined the correct fix.
The issue is with the string expansion code. When it finds an attribute expansion in the string such as %{control:Ldap-UserDN}, it tries to make it safe by escaping chars with special meanings like \r \n \.
It does this *even* if an escaping callback is provided by the module wanting to do the string expansion.
So before the LDAP escape function ever gets the string "CN=Winders\, Tim" it has become "CN=winders\\, Tim".
Which then gets encoded to "CN\3dWinders\5c\5c\2c Tim".
The fix appears to be, to hand off escaping completely to the escape function if one is set by the module, and to do the normal escaping otherwise.
I'll add a fix, but it'll probably go into 3.0.6 as this may change other behaviour.
-- Regarding liveness of zip files, that one will be the HEAD of the repo. -- Regarding building debs 'make deb'
You guys rock! I¹m happy with the current solution and will be looking for the 3.0.6 release for the complete fix! -- Tim Winders Associate Dean of Information Technology South Plains College (806) 716-2369