Freeradius 1.1.7 and LDAP
Alan DeKok
aland at deployingradius.com
Fri Feb 22 14:41:55 CET 2008
Mike O'Connor wrote:
> I have a small issue with freeradius and ldap, its authenticating as
> 'access accept' customers which have placed a space at the beginning of
> there user name.
That's likely do to the LDAP server accepting "uid = foo" and
"uid=foo" as the same user.
Maybe adding quotes around the name may help...:
filter = "(uid=\"%{Stripped-User-Name:-%{User-Name}}\")"
But I don't know enough about the syntax of LDAP queries to be sure.
> This then causes there accounting data not to match and so we do not
> account for there data.
>
> This this a bug or a setting I have incorrectly set ?
It's a feature of LDAP. RADIUS is just an innocent bystander.
Another thing to do would be to simply reject all users with spaces in
their name. These people are likely *intentionally* doing something
wrong, so it shouldn't be a problem to deny them access.
Alan DeKok.
More information about the Freeradius-Users
mailing list