3.0.4: binary LDAP attributes
Nikolai Kondrashov
Nikolai.Kondrashov at redhat.com
Tue Dec 9 12:51:10 CET 2014
Hi everyone,
Our (Red Hat) QA was testing the effect of this entry in 3.0.4 ChangeLog:
* Modify pairparsevalue to deal with embedded NULLs better,
and use the binary versions of attribute values in rlm_ldap.
They have noticed that binary LDAP values get truncated on embedded zero
characters (\0) in RADIUS replies, in radiusReplyMessage in particular.
I.e. for
radiusReplyMessage:: cmVwbHkgd2l0aCBhAGI=
The response output by radtest was
Reply-Message = 'reply with a'
The network capture also showed that RADIUS reply packets contained truncated
values. Is this intended, or was there a fix for this?
In related discoveries, it seems that backslashes get removed from LDAP
attribute values in RADIUS replies, so
radiusReplyMessage: reply with a\0b
becomes
Reply-Message = 'reply with a0b'
in radtest output.
Is this intended?
Thank you.
Nick
More information about the Freeradius-Users
mailing list