3.0.4: binary LDAP attributes
Alan DeKok
aland at deployingradius.com
Wed Jan 7 15:19:19 CET 2015
On Jan 7, 2015, at 8:07 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
> We already have an integration test for strings with embedded zeros. We would
> like to add a test for zeros in "binary" attributes.
That’s good.
> I'm not sure exactly what you mean by octets here. Is it attributes with
> "octets" type in dictionaries?
Yes.
> If so, are LDAP attributes supposed to contain
> hex strings for them, and it is basically "00" bytes which were the problem?
The changes in 3.0.6 were so FreeRADIUS could read *binary* data from LDAP. Not hex strings.
> Is the "abinary" type affected?
No. The “abinary” type should *always* be stored as a printable string. There are no provisions in the server for reading or writing it as a binary blob.
> Could you perhaps suggest attribute names/types and LDAP attribute values to
> test for?
There’s an LDAP schema which maps RADIUS attributes to LDAP. Try that, and just use RADIUS attributes which are type “octets”.
Alan DeKok.
More information about the Freeradius-Users
mailing list