ldapi:// with path

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jun 29 15:42:03 CEST 2015


> On 29 Jun 2015, at 05:01, Michael Ströder <michael at stroeder.com> wrote:
> 
> Hi!
> 
> Testing git v3.1.x 36e1b02e926df5cd75d4d548694401535c607ca9 I noticed that
> something's wrong with LDAPI URLs containing a URL-encoded path.
> 
> This does not work:
> 
> server = 'ldapi://%2Ftmp%2Fopenldap-socket'
> 
> leads to:
> 
> rlm_ldap (ldap): Bind with uid=radiusd,ou=sys,dc=stroeder,dc=local to
> ldapi:///tmp/openldap-socket failed: Can't contact LDAP server
> 
> I'm not sure whether radiusd URL-decodes the path and passes
> "ldapi:///tmp/openldap-socket" to libldap or whether the decoding simply
> happens when writing the log line.
> 
> It should *not* do URL-decoding because parsing the LDAP URL
> "ldapi:///tmp/openldap-socket" in libldap won't work since the first "/" after
> the "hostport" part is the next separator to the DN portion.

It's actually ldap_url_parse doing more than what's claimed in the man page entry:

       ldap_url_parse()  breaks  down  an  LDAP URL passed in url into its component pieces.  If successful,
       zero is returned, an LDAP URL description is allocated, filled in, and ludpp is set to point  to  it.
       If an error occurs, a non-zero URL error code is returned.

In addition to breaking the components down, it also URL-unescapes them *sigh*.

So the solution is to re-escape the host portion. I'll push a fix in a bit.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
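
The re-escaping step described in the reply, as an added example (not part of the original message and not the FreeRADIUS fix itself). It assumes the URL parser has handed back an already-unescaped host such as `/tmp/openldap-socket`; `url_escape` and `rebuild_url` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* RFC 3986 "unreserved" characters stay literal; everything else,
 * including '/', is percent-encoded so it cannot act as a URL separator. */
static int is_unreserved(unsigned char c)
{
	return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
	       (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
}

/* Percent-encode in into out (outlen bytes, NUL included); -1 if too small. */
static int url_escape(char *out, size_t outlen, char const *in)
{
	static char const hex[] = "0123456789ABCDEF";
	size_t used = 0;

	if (outlen == 0) return -1;
	for (; *in; in++) {
		unsigned char c = (unsigned char)*in;
		size_t need = is_unreserved(c) ? 1 : 3;

		if (used + need >= outlen) return -1;	/* leave room for the NUL */
		if (need == 3) {
			out[used++] = '%';
			out[used++] = hex[c >> 4];
			out[used++] = hex[c & 0x0f];
		} else {
			out[used++] = (char)c;
		}
	}
	out[used] = '\0';
	return (int)used;
}

/* Rebuild "scheme://host" from parts a URL parser has already unescaped. */
static int rebuild_url(char *out, size_t outlen, char const *scheme, char const *host)
{
	int m, n = snprintf(out, outlen, "%s://", scheme);

	if (n < 0 || (size_t)n >= outlen) return -1;
	m = url_escape(out + n, outlen - (size_t)n, host);
	return (m < 0) ? -1 : n + m;
}

int main(void)
{
	char url[128];	/* constructed sample: the socket path from the report */
	if (rebuild_url(url, sizeof(url), "ldapi", "/tmp/openldap-socket") < 0) return 1;
	puts(url);
	return 0;
}
```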
