Patch to fix the 0x thing in *NTPassword LDAP attr... Comments?
Alan DeKok
aland at deployingradius.com
Thu Aug 9 15:10:04 CEST 2007
Stefan Adams wrote:
> It's been quite a challenge to maintain both radiusNTPassword and
> sambaNTPassword in a user's LDAP object, especially when
> radiusNTPassword is just sambaNTPassword, prepended with '0x'. If
> nothing else, that's redundant.
Hmm... in 1.1.7, the "pap" module will take care of fixing
NT-Passwords. i.e. map sambaNTPassword to NT-Password in ldap.attrmap,
and list "pap" at the end of the "authorize" section. The pap module
will see the 32-character hex string NT-Password, and convert it to
16-character binary format, which the rest of the server needs.
> Does that make sense? Anything wrong with doing this? Obviouly this
> patch is teeny and not very profound... For what reason is this
> avoided? rlm_ldap expects the value to be in hex.
What do you mean by that?
> diff -urN freeradius-1.1.7/src/modules/rlm_ldap/rlm_ldap.c
...
> for (vals_idx = 0; vals_idx < vals_count; vals_idx++) {
> value = vals[vals_idx];
> +sprintf(hex, "0x%s", value);
> +value = hex;
> +DEBUG("!!! %s !!!", value);
Huh? You're adding "0x" to the start of EVERY attribute. That's wrong...
Alan DeKok.
More information about the Freeradius-Users
mailing list