Password with comma fail with LDAP

Turtiainen, Tero tero.turtiainen at
Tue Jul 12 11:34:51 CEST 2005


We have FreeRADIUS 0.9.3 using LDAP for authorisation. We now have a
problem that for example password with certain characters is cut. For
example password "test,ing" is cut to "test". This is caused by the
gettoken function in src/lib/token.c which is used by the rlm_ldap
module. Google search seems to indicate that the same problem has been
with the SQL-module which also uses gettoken.

This kind of behaviour is of course quite evil. Is our problem unique?
This seems so obvious problem that I would guess that it has been
encountered before. I looked at the CVS version and my guess is that
this has not been fixed.

I made a quick test fix by replacing all occurences of gettoken in
src/modules/rlm_ldap/rlm_ldap.c with getbareword-function (also in
src/lib/token.c) which does not care about the tokens and thus does not
cut the attribute value if it contains comma, semicolon, brace or any
other of the magic characters. Does this fix break more things than it
fixes? Is it a valid fix in this case? Any better solutions?
Tero Turtiainen
Telecom, Media & Entertainment
tero.turtiainen at

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.

More information about the Freeradius-Users mailing list