3.0.4: binary LDAP attributes

Nikolai Kondrashov Nikolai.Kondrashov at redhat.com
Thu Jan 15 11:15:51 CET 2015

On 01/07/2015 04:19 PM, Alan DeKok wrote:
> On Jan 7, 2015, at 8:07 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
>> We already have an integration test for strings with embedded zeros. We would
>> like to add a test for zeros in "binary" attributes.
>    That’s good.
>> I'm not sure exactly what you mean by octets here. Is it attributes with
>> "octets" type in dictionaries?
>    Yes.
>> If so, are LDAP attributes supposed to contain
>> hex strings for them, and it is basically "00" bytes which were the problem?
>    The changes in 3.0.6 were so FreeRADIUS could read *binary* data from LDAP.  Not hex strings.
>> Is the "abinary" type affected?
>    No.  The “abinary” type should *always* be stored as a printable string.  There are no provisions in the server for reading or writing it as a binary blob.
>> Could you perhaps suggest attribute names/types and LDAP attribute values to
>> test for?
>    There’s an LDAP schema which maps RADIUS attributes to LDAP.  Try that, and just use RADIUS attributes which are type “octets”.

Thanks Alan!


More information about the Freeradius-Users mailing list