3.0.4: binary LDAP attributes
Nikolai Kondrashov
Nikolai.Kondrashov at redhat.com
Thu Jan 15 11:15:51 CET 2015
On 01/07/2015 04:19 PM, Alan DeKok wrote:
> On Jan 7, 2015, at 8:07 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
>> We already have an integration test for strings with embedded zeros. We would
>> like to add a test for zeros in "binary" attributes.
>
> That’s good.
>
>> I'm not sure exactly what you mean by octets here. Is it attributes with
>> "octets" type in dictionaries?
>
> Yes.
>
>> If so, are LDAP attributes supposed to contain
>> hex strings for them, and it is basically "00" bytes which were the problem?
>
> The changes in 3.0.6 were so FreeRADIUS could read *binary* data from LDAP. Not hex strings.
>
>> Is the "abinary" type affected?
>
> No. The “abinary” type should *always* be stored as a printable string. There are no provisions in the server for reading or writing it as a binary blob.
>
>> Could you perhaps suggest attribute names/types and LDAP attribute values to
>> test for?
>
> There’s an LDAP schema which maps RADIUS attributes to LDAP. Try that, and just use RADIUS attributes which are type “octets”.
Thanks Alan!
Nick
More information about the Freeradius-Users
mailing list