Sorry, the problem occurs only with the " (double quotes) character and not with the other two characters.

2010/6/7 Nelson Vale <[email protected]>

> Hi all,
>
> I've recently found a problem authenticating some users in AD (2003) when the user's Distinguished Names have one or more of the following characters: " ' ` (double quotes, apostrophe or grave accent), using freeradius 2.0.2 and 2.1.9 versions:
>
> "...
> [ldap] login attempt by "johndoe" with password "test123;"
> [ldap] user DN: CN=John "The Man" Doe,OU=students,DC=domain,DC=localal
> [ldap] (re)connect to 192.168.0.73:389:389, authentication 1
> [ldap] bind as CN=John "The Man" Doe,OU=students,DC=domain,DC=localal/test123; to 192.168.0.73:389:389
> [ldap] waiting for bind result ...
> [ldap] Bind failed with invalid credentials
> ..."
>
> ( the correct DN for this user is "CN=John "The Man" Doe,OU=students,DC=domain,DC=local" )
>
> The rlm_ldap module is performing the user authentication using a DN that has two more characters than it should have (the "al" at the end), and the number of these extra characters is the same as the number of occurrences of the characters described above.
>
> The characters that cause this problem are the ones from the src/lib/valuepair.c pairparsevalue() function (PW_TYPE_STRING type), and if they are removed from there the authentication will be processed successfully ( I know, if they are there, there must be some reason ).
>
> I've managed to fix this in rlm_ldap by quoting the characters in the vp_user_dn->vp_strvalue, but I'm not sure if this will fix all the problems that can arise from this.
>
> Has anyone ever had such a problem? I know that it's a little unusual to have these characters in users' names but AD allows it ...
>
> Thx,
>
> Nelson Vale
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
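
One mechanism that reproduces the symptom reported above (one extra trailing character per quote), added here as an illustration and not taken from the FreeRADIUS source or from the poster's fix. It assumes the DN reaches the string parser with its quotes backslash-escaped and that the value buffer is filled twice; `parse_value`, `VAL_MAX` and `ESCAPED_DN` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 254u  /* assumed value-buffer size for this model */

/* Constructed input: the DN from the report, with its quotes backslash-escaped. */
static const char ESCAPED_DN[] =
    "CN=John \\\"The Man\\\" Doe,OU=students,DC=domain,DC=local";

static int is_quote(char c) { return c == '"' || c == '\'' || c == '`'; }

/*
 * Hypothetical parser model: the value is first copied raw into buf, then
 * rewritten with \" \' \` collapsed to the bare character.
 * terminate == 0 leaves the shorter result unterminated, so the tail of the
 * raw copy stays readable; terminate == 1 is the corrected behaviour.
 * Returns the number of characters written by the second pass.
 */
size_t parse_value(char *buf, const char *src, int terminate)
{
    char *p = buf;
    const char *cp = src;

    snprintf(buf, VAL_MAX, "%s", src);          /* pass 1: raw copy */
    while (*cp && (size_t)(p - buf) < VAL_MAX - 1) {
        char c = *cp++;
        if (c == '\\' && is_quote(*cp))
            c = *cp++;                          /* drop the backslash */
        *p++ = c;
    }
    if (terminate)
        *p = '\0';
    return (size_t)(p - buf);
}

int main(void)
{
    char buf[VAL_MAX];
    size_t n = parse_value(buf, ESCAPED_DN, 0);

    printf("stale tail : %s (%zu extra)\n", buf, strlen(buf) - n);
    n = parse_value(buf, ESCAPED_DN, 1);
    printf("terminated : %s (%zu extra)\n", buf, strlen(buf) - n);
    return 0;
}
```

Comparing the recorded length with `strlen()` of the stored value, as `main` does, is a quick check for this class of mismatch when debugging a DN that fails to bind.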

