From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 29 Feb 2024 20:31:05 +0000 (+0000)
Subject: LDAP-Sync.Directory-Root-DN has to be marked safe to use as a DN
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=472d06f07c9f20883622caca77ae4c71befd74aa;p=thirdparty%2Ffreeradius-server.git

LDAP-Sync.Directory-Root-DN has to be marked safe to use as a DN
---

diff --git a/doc/antora/modules/raddb/pages/sites-available/ldap_sync.adoc b/doc/antora/modules/raddb/pages/sites-available/ldap_sync.adoc
index 095121bb6be..532413f637b 100644
--- a/doc/antora/modules/raddb/pages/sites-available/ldap_sync.adoc
+++ b/doc/antora/modules/raddb/pages/sites-available/ldap_sync.adoc
@@ -504,7 +504,7 @@ server ldap_sync {
 		debug_request
 #		if (!&reply.LDAP-Sync.Cookie) {
 #			string csn
-#			&csn := %concat(%ldap("ldap:///%{LDAP-Sync.Directory-Root-DN}?contextCSN?base"), ';')
+#			&csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
 #			&reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
 #		}
 	}
diff --git a/raddb/sites-available/ldap_sync b/raddb/sites-available/ldap_sync
index 030ec651f11..f9bf3a99d9b 100644
--- a/raddb/sites-available/ldap_sync
+++ b/raddb/sites-available/ldap_sync
@@ -383,7 +383,7 @@ server ldap_sync {
 #		if (!&reply.LDAP-Sync.Cookie) {
 #			string csn
 #
-#			&csn := %concat(%ldap("ldap:///%{LDAP-Sync.Directory-Root-DN}?contextCSN?base"), ';')
+#			&csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
 #			&reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
 #		}
 	}
diff --git a/src/tests/ldap_sync/rfc4533/config/radiusd.conf b/src/tests/ldap_sync/rfc4533/config/radiusd.conf
index 7b21fb50429..01b0dec7fb2 100644
--- a/src/tests/ldap_sync/rfc4533/config/radiusd.conf
+++ b/src/tests/ldap_sync/rfc4533/config/radiusd.conf
@@ -194,7 +194,7 @@ server test {
 	load Cookie {
 		string csn
 
-		&csn := %concat(%ldap("ldap:///%{LDAP-Sync.Directory-Root-DN}?contextCSN?base"), ';')
+		&csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
 		&reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
 	}