LDAP module problem in 2.0.3

Jason Alderfer jha2 at emu.edu
Mon Apr 14 16:02:45 CEST 2008


Hello,

I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP
module in 2.0.3 is not setting the Ldap-UserDn in a way that is available
for further analysis.  The problem shows up when using
"edir_account_policy_check = yes" and PEAP.  This is the error from the
debug output.

+- entering group post-auth
rlm_ldap: User's FQDN not in config items list.
++[ldap] returns fail
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE

The problem also shows up when checking the Ldap-UserDn with unlang or from
the Files module.

Here is my unlang config and the resulting error.

if (Ldap-UserDn =~ /ou=is,ou=n,o=emu/i) {
        update reply {
                Tunnel-Type := "VLAN"
                Tunnel-Medium-Type := "IEEE-802"
                Tunnel-Private-Group-Id := 3
        }
}

Error:
++? if (Ldap-UserDn =~ /ou=is,ou=n,o=emu/i)
    (Attribute Ldap-UserDn was not found)

Here is the users file config I use in version 1.1.7.  It also does not
work in 2.0.3; the files module returns noop.

DEFAULT Ldap-UserDn =~ "ou=is,ou=n,o=emu"
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = 3

I've tried setting both "copy_request_to_tunnel = yes" and
"use_tunneled_reply = yes"
but it makes no difference.

I looked at the source file rlm_ldap.c and found this code at line 1306:
/*
 * Adding new attribute containing DN for LDAP object associated with
 * given username
 */
pairadd(check_pairs, pairmake("Ldap-UserDn", user_dn, T_OP_EQ));

But in the code for version 1.1.7 the line is
pairadd(&request->packet->vps, pairmake("Ldap-UserDn", user_dn, T_OP_EQ));

If I change it to the old way, everything works.  Is this a bug in 2.0.3 or
might I have overlooked a configuration detail?

Jason