Getting a string 'as is' with no escapes from LDAP

Alan DeKok aland at
Thu Sep 13 16:09:58 CEST 2018

On Sep 12, 2018, at 2:42 AM, Kostas Zorbadelos <kzorba at> wrote:
> I think a new thread is better for this discussion. In a previous thread
> (
> I raised the issue of failing to get a string as is from an LDAP
> backend. The string represents the clear text password and I would like
> to take it 'as is' with no escaping of any kind.
> I got the explanation about the shell rules that are now implemented in
> freeradius 3 for strings, so as to get a single uniform approach to
> freeradius 3 and fix the inconsistencies of string handling in
> freeradius 2.


  Plus, we have no idea what's in the back-end database.  Are the strings "raw" and should be used as-is?  Or do the strings contain escaped characters?

  It's impossible to know in advance.  People want to use both types of data.  We try to have the server make the best choice, but it's just a guess.

> Now, we found a problem for strings beginning with '0x' :)

  Yes.  Some people want to be able to assign binary data to strings, too.  So that syntax is supported.

  The question again is when and where it should be supported...

> Is there a way to overcome this?

  Come up with a solution that makes sense, works, and is simple for people to use.

> Generally speaking a solution is needed to get a string 'as is' out of
> an LDAP backend (most probably this will affect other backends too)
> without escaping/unescaping of any kind.

  There's a lot more than that involved, unfortunately.

  Alan DeKok.
