LDAP changes between 1.01 and 1.1.5

Ryan Kramer rkramer at gmail.com
Fri Apr 13 03:09:46 CEST 2007


On 4/12/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> Ryan Kramer wrote:
> > Apparently something in the ldap_escape_func is broken when talking to
> > Microsoft AD.
>
>   The code does not distinguish between Microsoft AD and other LDAP
> servers.


Correct, it is very simple code and doesn't care.  My guess is that it is
Microsoft AD not acting like any other reasonable AD on the planet, I
suspect.

I'll post my exact queries tomorrow, but as I mentioned, the only change was
to revert that section of code back to the 1.0.1 version, recompile, and it
works great.  I hacked away at the configs for about 3 hours without any
success using pretty much every trick I could think of to get it working.

I SUSPECT something might not be escaped in a manner the MS AD server likes,
or maybe just the fact it has any escape sequences built in at all is what
is causing it to toss it.  Hopefully tomorrow I'll be able to get some logs
from our server admins to see exactly what the queries they receive look
like.