3.0.4: binary LDAP attributes

Alan DeKok aland at deployingradius.com
Wed Jan 7 15:19:19 CET 2015

On Jan 7, 2015, at 8:07 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
> We already have an integration test for strings with embedded zeros. We would
> like to add a test for zeros in "binary" attributes.

  That’s good.

> I'm not sure exactly what you mean by octets here. Is it attributes with
> "octets" type in dictionaries?


> If so, are LDAP attributes supposed to contain
> hex strings for them, and it is basically "00" bytes which were the problem?

  The changes in 3.0.6 were so FreeRADIUS could read *binary* data from LDAP.  Not hex strings.

> Is the "abinary" type affected?

  No.  The “abinary” type should *always* be stored as a printable string.  There are no provisions in the server for reading or writing it as a binary blob.

> Could you perhaps suggest attribute names/types and LDAP attribute values to
> test for?

  There’s an LDAP schema which maps RADIUS attributes to LDAP.  Try that, and just use RADIUS attributes which are type “octets”.

  Alan DeKok.

More information about the Freeradius-Users mailing list