LDAP changes between 1.01 and 1.1.5

Alan DeKok aland at deployingradius.com
Fri Apr 13 02:42:20 CEST 2007

Ryan Kramer wrote:
> Apparently something in the ldap_escape_func is broken when talking to
> Microsoft AD.

  The code does not distinguish between Microsoft AD and other LDAP servers.

>  I replaced the code of that function with the much more
> lenient code of the 1.0.1 ldap_escape_func, and it works great with MS
> LDAP now!

  I'm curious to know what your queries are, and if you're doing the
double queries I suspect.  I think that the problem can better be solved
by understanding it, rather than by removing the restrictions that
prevent people from attacking your LDAP server.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list