Ldap group troubles
Dourty, Brian R. (IATS)
DourtyB at missouri.edu
Thu Jun 7 17:54:45 CEST 2007
Upgrading is what broke this functionality. It works with version
1.0.1. Sometime after that a change was made to rlm_ldap.c. This change
modified the ldap_escape_func() function. The way this function works in
1.1.4 and up is different than 1.0.1. Basically, it didn't escape
anything in 1.0.1 and now it does.
What we see in 1.1.4/1.1.6 is that a UserDN returned from AD using
OpenLDAP looks like this:
CN=Lastname\,Firstname, CN=bla,DC=bla
After the ldap_escape_func() returns it looks like this:
CN\\3dLastname\\5c\\5c\\2cFirstname\\2cCN\\3dbla\\2cDC\\3dbla
The \, gets escaped then translated and becomes \\5c\\5c\\2c which
doesn't match \, in the member= results of the group.
Any ideas where the extra \\5c is coming from?
Brian Dourty
System Administrator - Team Lead
Division of IT
University of Missouri - Columbia
573-882-1035
-----Original Message-----
From: freeradius-users-bounces+dourtyb=missouri.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+dourtyb=missouri.edu at lists.freeradius.o
rg] On Behalf Of Phil Mayers
Sent: Tuesday, June 05, 2007 6:50 PM
To: FreeRadius users mailing list
Subject: Re: Ldap group troubles
Dourty, Brian R. (IATS) wrote:
> I'm having some trouble with the ldap group configuration against AD
and
> need a little help.
>
>
>
> Freeradius 1.1.4
Upgrade.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list