Ryan Kramer wrote:
> Apparently something in the ldap_escape_func is broken when talking to
> Microsoft AD.

  The code does not distinguish between Microsoft AD and other LDAP servers.

>  I replaced the code of that function with the much more
> lenient code of the 1.0.1 ldap_escape_func, and it works great with MS
> LDAP now!

  I'm curious to know what your queries are, and if you're doing the
double queries I suspect.  I think that the problem can better be solved
by understanding it, rather than by removing the restrictions that
prevent people from attacking your LDAP server.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to