Ryan Kramer wrote:
> Apparently something in the ldap_escape_func is broken when talking to
> Microsoft AD.
The code does not distinguish between Microsoft AD and other LDAP servers.
> I replaced the code of that function with the much more
> lenient code of the 1.0.1 ldap_escape_func, and it works great with MS
> LDAP now!
I'm curious to know what your queries are, and if you're doing the
double queries I suspect. I think that the problem can better be solved
by understanding it, rather than by removing the restrictions that
prevent people from attacking your LDAP server.
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html