Problem with expansion of %{Ldap-UserDn} containing UTF-8 (cf. Bug #411)

Alan DeKok aland at
Tue Aug 28 13:43:11 CEST 2007

Enrik Berkhan wrote:
> Now, I've tried it in 1.1.7 with the original ldap problem ... of
> course, the UTF-8 part works now, but one problem with LDAP DNs remains:
> The DNs may contain backslashes! Now these suffer from similar problems
> being doubled during the Ldap-UserDn expansion.

  Yes, and commas.  Multiple layers of variable expansion have problems.

  The only way to *really* fix the problem is to track the origin of
data, and keep tainted / untainted flags.

> Currently, I have no idea of how to fix this in a universal robust way
> besides doing variable expansion completely transparently ...

  I'm not sure what you mean by that.

  Alan DeKok.

More information about the Freeradius-Devel mailing list