FR 3.0.7 RADIUS Client Schema error

Michael Ströder michael at stroeder.com
Thu Apr 30 19:51:28 CEST 2015


Arran Cudbard-Bell wrote:
>
>> On 30 Apr 2015, at 13:14, Michael Ströder <michael at stroeder.com> wrote:
>>
>> Alan DeKok wrote:
>>> On Apr 30, 2015, at 10:43 AM, Ben Humpert <ben at an3k.de> wrote:
>>>> in the schema file the entry for require message authenticator is listed as
>>>>
>>>> olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME
>>>> 'radiusClientRequireMa' SINGLE-VALUE DESC 'Require Message
>>>> Authenticator' EQUALITY booleanMatch SYNTAX
>>>> '1.3.6.1.4.1.1466.115.121.1.7' )
>>>>
>>>> thus one has to enter TRUE or FALSE in LDAP - everything else (I tried
>>>> it with true, Yes, yes, YES and 1) throws an LDAP error. But now, with
>>>> TRUE FR won't start anymore. Below is the debug log
>>>
>>>    I've pushed a fix to v3.0.x.  It will now allow true / false for booleans.
>>                                                      ^^^^^^^^^^^^
>> Just in case:
>> Please note that LDAP syntax Boolean requires upper-case TRUE / FALSE.
>>
>> I saw LDAP client and server implementations which do not care about that, leading to interop problems.
>
> The comparison will be case insensitive

Ok.

But maybe you will also generate LDAP filters based on a variable. Bear in
mind this would have to be upper-case. Otherwise strict LDAP servers (e.g.
OpenLDAP) will render the assertion value invalid.

Ciao, Michael.
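
The following is an added example, not part of the original message and not FreeRADIUS code: it reads boolean values case-insensitively, as the fix described in the thread does, but always writes the upper-case form when building a filter. The function names and the `strict_server_accepts` model of a strict server are assumptions made for illustration; the sample inputs are constructed.

```python
import re

# RFC 4517 section 3.3.3: the Boolean syntax has exactly two values.
LDAP_BOOLEANS = ("TRUE", "FALSE")
# Attribute descriptor: a leading letter, then letters, digits or hyphens.
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def parse_bool(raw):
    """Lenient read side: accept true/false in any letter case."""
    value = raw.strip().lower()
    if value == "true":
        return True
    if value == "false":
        return False
    raise ValueError(f"not a boolean: {raw!r}")


def to_ldap_boolean(flag):
    """Strict write side: always emit the upper-case form."""
    return "TRUE" if flag else "FALSE"


def boolean_filter(attr, raw):
    """Build an equality filter whose assertion value is a valid LDAP Boolean."""
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid attribute descriptor: {attr!r}")
    return f"({attr}={to_ldap_boolean(parse_bool(raw))})"


def strict_server_accepts(ldap_filter):
    """Hypothetical model of a strict server: value must be exactly TRUE or FALSE."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)", ldap_filter)
    return bool(m) and m.group(2) in LDAP_BOOLEANS


if __name__ == "__main__":
    for raw in ("true", "True", "FALSE"):  # constructed sample inputs
        naive = f"(radiusClientRequireMa={raw})"  # variable pasted in unchanged
        fixed = boolean_filter("radiusClientRequireMa", raw)
        print(f"{raw!r}: naive accepted={strict_server_accepts(naive)}, "
              f"normalized={fixed}")
```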

