AD Auth - problem with some chars in user's DN
Alan DeKok
aland at deployingradius.com
Sat Jun 12 08:48:39 CEST 2010
Nelson Vale wrote:
> The user's DN is OK now (no extra characters), but the ldap
> authentication still doesn't work. I think the problem is that double
> quotes must be escaped before being sent to AD.

OK.

> In my fix in rlm_ldap (test purpose only), I did just that before
> assigning the vp_user_dn->vp_strvalue value to user_dn in
> ldap_authenticate() and it works OK.

OK. The issue is that the value of the attribute is used *directly*.
It's really the responsibility of the RADIUS server to pass the correct
data to the LDAP query.

i.e. rather than:

    perform_search(... vp_user_dn->vp_strvalue ...)

it should do:

    char buffer[1024];
    vp_print(buffer, sizeof(buffer), vp_user_dn->vp_strvalue);
    perform_search(... buffer ...)

That is what your fix seems to do, and is the right thing to do.

Alan DeKok.
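
The escaping step discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: it escapes a single attribute value by the RFC 4514 rules before the value is placed in a DN, so it covers the other special characters as well as the double quote raised in the thread. The function names, the sample name and the base DN are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape ONE attribute value for use inside a DN (RFC 4514, section 2.4).
 * Apply it to values only: run over a whole DN it would also escape the
 * commas that separate the RDNs. Returns the escaped length, or -1 if
 * out is too small (out is then emptied, never left truncated). */
int dn_escape_value(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in), o = 0;
    if (outlen == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        char c = in[i];
        int special = strchr("\"+,;<>\\", c) != NULL
                   || (i == 0 && (c == ' ' || c == '#'))
                   || (i == n - 1 && c == ' ');
        if (o + (special ? 2 : 1) >= outlen) { /* keep room for the NUL */
            out[0] = '\0';
            return -1;
        }
        if (special) out[o++] = '\\';
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical helper: build "CN=<escaped cn>,<base>"; -1 on overflow. */
int build_user_dn(const char *cn, const char *base, char *out, size_t outlen)
{
    char esc[512];
    int n;
    if (dn_escape_value(cn, esc, sizeof(esc)) < 0) return -1;
    n = snprintf(out, outlen, "CN=%s,%s", esc, base);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen) out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char dn[256]; /* constructed sample name and base DN */
    if (build_user_dn("John \"JD\" Doe", "OU=Staff,DC=example,DC=com", dn, sizeof(dn)) < 0)
        return 1;
    puts(dn);
    return 0;
}
```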