Ryan Kramer wrote: > I've recently moved to 1.1.5, and went from a system that worked > perfectly with MS LDAP to one that will no longer find the user groups, > using the identical config. Anyone have any ideas? The obvious one is > that 1.1.5 throws in all kinds of escape characters, but i'm assuming > that is output only.
No. It's part of the LDAP query. In order to avoid external users logging in with names that are valid LDAP queries, the untrusted user input is escaped before it is passed to the LDAP module. See the *rest* of the debug output for the sequence of string expansions. It looks like you're calling the LDAP module twice, and using the output of the first query as part of the wuery string for the second query. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html