> the problem is with the groupmembership_filter. It contains the
> Ldap-UserDn attribute which gets xlated and escaped:
> A DN usually contains commas which get escaped and break the ldap
> search. I am not so sure why we should escape ',' in the first place.
> That way we break any ldap searches for attribute values holding DN's.
This is correct.
For info the python-ldap module contains a function:
Replace all special characters found in assertion_value
by quoted notation
s = assertion_value.replace('\\', r'\5c')
s = s.replace(r'*', r'\2a')
s = s.replace(r'(', r'\28')
s = s.replace(r')', r'\29')
s = s.replace('\x00', r'\00')
...implying that only \*()NUL need be escaped?
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html