3.0.11 Always escaping = and ,
Alan DeKok
aland at deployingradius.com
Mon Feb 29 15:03:26 CET 2016
On Feb 29, 2016, at 4:45 AM, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
>
> I'm trying to set some request temporary variables that I can use further
> down in the flow for lookups.
>
> update request {
> RealmLookup := "ou=Realms"
> }
> ldap.nodeauth
>
> But when it comes to do the lookup, the = and , get escaped so it makes an
> invalid DN.
Yes. The server escapes characters which are special to LDAP.
> Any way to stop the xlat from expanding the value, I've tried unescape and
> a number of different options without success?
Not really.
For that to work, we would need to add a "tainted" flag like Perl. Anything from the network is tainted, and requires escaping. Anything from the configuration files is OK, and doesn't require escaping.
That's... not trivial.
> Or will I need to just define multiple modules with different DNs of the
> places I would like to search in the hierarchy.
For now, yes.
Alan DeKok.
More information about the Freeradius-Users
mailing list