3.0.11 Always escaping = and ,

Alan DeKok aland at deployingradius.com
Mon Feb 29 15:03:26 CET 2016

On Feb 29, 2016, at 4:45 AM, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
> I'm trying to set some request temporary variables that I can use further
> down in the flow for lookups.
>                update request {
>                        RealmLookup := "ou=Realms"
>                }
>                ldap.nodeauth
> But when it comes to do the lookup, the = and , get escaped so it makes an
> invalid DN.

  Yes.  The server escapes characters which are special to LDAP.

> Any way to stop the xlat from expanding the value, I've tried unescape and
> a number of different options without success?

  Not really.

  For that to work, we would need to add a "tainted" flag like Perl.  Anything from the network is tainted, and requires escaping.  Anything from the configuration files is OK, and doesn't require escaping.

  That's... not trivial.

> Or will I need to just define multiple modules with different DNs of the
> places I would like to search in the hierarchy.

  For now, yes.

  Alan DeKok.

More information about the Freeradius-Users mailing list