Can't add a $ sign to the ldap search
Phil Mayers
p.mayers at imperial.ac.uk
Mon May 23 22:13:35 CEST 2011
On 05/23/2011 08:46 PM, Alexandros Gougousoudis wrote:
> Hi Phil,
> filter =
>>> "(|(uid=%{%{Stripped-User-Name}:-%{User-Name}})(uid=%{%{Stripped-User-Name}:-%{User-Name}}\$))"
>>>
>>
>> Don't do that. Instead try:
>>
>> filter = "(uid=%{mschap:User-Name})"
>
> Hm, this is not working. I also don't get the point, why the username in
> mschap is mangled to have a $ or not?
The expansion %{mschap:User-Name} will expand as follows:
username -> username
DOMAIN\username -> username
host/name.domain.com -> name$
...which is correct in the cases people care about, and is the quickest
and cleanest way to handle the various forms of usernames that windows sends
(On that note: it does not handle user at domain.com. It probably should...)
>
> The Windows-Worstation query their name as "host/workstation", which is
> workstation$ in my ldap. My Users are coming in as "user", so where else
> doing the lookup than in ldap module?
The %{mschap:User-Name} module is available anywhere, as long as the
mschap module is instantiated. The request doesn't even have to be
mschap - it gives back a modified version of the username.
If the "$" still isn't getting into the LDAP query, it might be
something inside the LDAP module.
More information about the Freeradius-Users
mailing list