Patch to fix the 0x thing in *NTPassword LDAP attr... Comments?

Alan DeKok aland at deployingradius.com
Thu Aug 9 15:10:04 CEST 2007


Stefan Adams wrote:
> It's been quite a challenge to maintain both radiusNTPassword and
> sambaNTPassword in a user's LDAP object, especially when
> radiusNTPassword is just sambaNTPassword, prepended with '0x'.  If
> nothing else, that's redundant.

  Hmm... in 1.1.7, the "pap" module will take care of fixing
NT-Passwords.  i.e. map sambaNTPassword to NT-Password in ldap.attrmap,
and list "pap" at the end of the "authorize" section.  The pap module
will see the 32-character hex string NT-Password, and convert it to
16-character binary format, which the rest of the server needs.

> Does that make sense?  Anything wrong with doing this?  Obviouly this
> patch is teeny and not very profound...  For what reason is this
> avoided?  rlm_ldap expects the value to be in hex. 

  What do you mean by that?

> diff -urN freeradius-1.1.7/src/modules/rlm_ldap/rlm_ldap.c
...
>           for (vals_idx = 0; vals_idx < vals_count; vals_idx++) {
>            value = vals[vals_idx];
> +sprintf(hex, "0x%s", value);
> +value = hex;
> +DEBUG("!!! %s !!!", value);

  Huh?  You're adding "0x" to the start of EVERY attribute.  That's wrong...

  Alan DeKok.



More information about the Freeradius-Users mailing list