Spaces in the end of User-Name.

Alexander Clouter alex at
Wed Jan 19 09:54:11 CET 2011

admin <bp at> wrote:
>>> What i must to specify in a config file of freeradius2 that in each 
>>> request before its further handling it automatically deleted spaces 
>>> in the end of %{User-Name}?
>> You need to write a custom rule in "unlang".
> Something of type such this?
> if ("%{User-Name}"=~/([a-zA-Z0-9_.]+)\s+$/i) {
>        %{User-Name}=%{1}
> }
> Where it is necessary to insert it in config file that User-Name changed  
> globally before any actions with it?
No, that's incorrect...I am also not going to help you hang yourself by 
giving you the answer :)

>> However... my $0.02 is that you shouldn't.  Instead, if you see a 
>> User-Name with spaces, *reject* it.  The user is trying to play 
>> games.
> Yes, but it creates many questions from users.
It creates even more problems for you later on down the line.  There 
will be times when you will be unable to strip the whitespace (maybe you 
auth straight against LDAP, say Apache doing group membership checks 
against LDAP...the whitespace will *kill* you) from a username and those 
users stuck in the habit of putting spaces in usernames will come back 
and haunt you.

Best to make it work only if you do things correctly.

Ideally you should do something like:
authorization {

	if (User-Name =~ /^\s/ || User-Name =~ /\s$/) {
		update reply {
			Reply-Message := "Remove spaces from User-Name"


Hopefully your environment enables that message to get back to the user.


Alexander Clouter
.sigmonster says: If you can't understand it, it is intuitively obvious.

More information about the Freeradius-Users mailing list