Qin Zhen wrote:

> I couldn't figure out what the change intends to do. Is it to
> filter out '*', '\\', '()' and '=' from the username? And why should it
> be that way? Please help me. Thanks a lot in advance.

The function ldap_escape_func() filters all LDAP-specific characters
from RFC 2254. This prevents LDAP injection attacks.

BTW there's a known bug in this function; you can get a fixed version
here (the patch will be included in the next release):

http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_ldap/rlm_ldap.c?rev=1.122.2.8

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
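
As an added illustration (not part of the original message, and not FreeRADIUS's ldap_escape_func()), this example escapes a user-supplied value the way RFC 2254 section 4 describes before placing it in a search filter. The names filter_escape and build_uid_filter, the uid attribute and the sample input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: escape a value for use inside an LDAP search filter.
 * Per RFC 2254 section 4, '*', '(', ')', '\' and NUL are written as a
 * backslash followed by two hex digits. Returns the escaped length, or -1
 * if out is too small. It never truncates, because a cut-off filter value
 * could match a different directory entry. */
int filter_escape(const unsigned char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0');
        size_t need = special ? 3 : 1;

        if (outlen - o <= need)          /* keep room for the final NUL */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    if (o >= outlen)
        return -1;
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical caller: build "(uid=<escaped user>)" or fail closed with -1. */
int build_uid_filter(const char *user, char *out, size_t outlen)
{
    char esc[256];
    int n;

    if (filter_escape((const unsigned char *)user, strlen(user), esc, sizeof esc) < 0)
        return -1;
    n = snprintf(out, outlen, "(uid=%s)", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char filter[64];
    /* Constructed input containing every filter metacharacter except NUL. */
    if (build_uid_filter("a*(b)\\c", filter, sizeof filter) > 0)
        puts(filter);
    return 0;
}
```

With the value escaped, the wildcard and parentheses are matched as literal characters of the username instead of changing the structure of the filter.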
