Hi, > We have FreeRADIUS 0.9.3 using LDAP for authorisation. We now have a > problem that for example password with certain characters is cut. For > example password "test,ing" is cut to "test". This is caused by the > gettoken function in src/lib/token.c which is used by the rlm_ldap > module. Google search seems to indicate that the same problem has been > with the SQL-module which also uses gettoken. > > This kind of behaviour is of course quite evil. Is our problem unique? .... > I made a quick test fix by replacing all occurences of gettoken in > src/modules/rlm_ldap/rlm_ldap.c with getbareword-function (also in > src/lib/token.c) which does not care about the tokens ....
I have looked at this a little bit more and I still don't get it. Why does the LDAP-module use the gettoken() function? I have thought that the authorisation data stored in LDAP should be usually taken "as is", but in the LDAP/gettoken case it seems that there could also be some special handling. But in our case this breaks the password handling if the password contains some of those delimiters (like ,=> etc...). Storing the passwords in MD5 or some other one-way encryption is not a solution as CHAP is used for authentication. And the gettoken also breaks other attributes, not just passwords. Is there something that I don't understand or is this a bug in the LDAP-module? Replacing gettoken with getbareword in the rlm_ldap.c seemed to fix this, but this may brake a lot of other things... :) Or should this be discussed in freeradius-devel? -- Tero Turtiainen Telecom, Media & Entertainment Capgemini [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html