Problem with expansion of %{Ldap-UserDn} containing UTF-8 (cf. Bug #411)

Enrik Berkhan enrik#freeradius at
Tue Aug 28 13:18:35 CEST 2007

Alan DeKok schrieb:
>   Yup.  I've deleted "done", and committed the final code.

Fine, thanks.

Now, I've tried it in 1.1.7 with the original ldap problem ... of 
course, the UTF-8 part works now, but one problem with LDAP DNs remains: 
The DNs may contain backslashes! Now these suffer from similar problems 
being doubled during the Ldap-UserDn expansion.


LDAP-Server returns DN:

   CN=Berkhan\, Enrik, ...

where the first comma is part of the CN attribute and thus escaped in 
the LDAP answer. Search filter expansion containing Ldap-UserDn will 
change this to

   CN=Berkhan\\, Enrik, ...

and, with LDAP-escaping applied, to

   CN\3dBerkhan\5c\5c\2c Enrik\2c ...

which will fail matching the original DN like in the UTF-8 case before.

Currently, I have no idea of how to fix this in a universal robust way 
besides doing variable expansion completely transparently ...


More information about the Freeradius-Devel mailing list