rlm_ldap: ldap_search() failed: Bad search filter:

Norbert Wegener nw at sbs.de
Thu Dec 8 15:18:38 CET 2005


Nicolas Baradakis wrote:
> Norbert Wegener wrote:
>
>   
>> When I take the same vars in  radiusd.conf, I get:
>> rlm_ldap: ldap_search() failed: Bad search filter
>> radiusd.conf:
>>
>> ldap ldap1 {
>> server="mchm967a.tww006.sitest.net "
>> port=3268
>> identity="testrad at TDE002.SITEST.NET "
>> mypass="mypass"
>> basedn="dc=TDE002,dc=SITEST,dc=NET"
>> filter="(&(sAMAccountName=28TEF003$)(objectclass=computer)) 
>> sAMAccountName userAccountControl"
>>     
>
> I don't think you can append a list of attributes to the
> filter. (like in ldap_search)
>   
Thank you, that has obviously been a difference between ldapsearch and 
rlm_ldap.
Now I get the information from AD also via radius.

Nevertheless, there is another point:
The server above is a global catalogue server. When asking the domain 
server directly, this again works with the following parameters using 
ldapsearch:
server="tde002.sitest.net"
port=389
identity="testrad at TDE002.SITEST.NET"
passwd="mypasswd"
#basedn = "dc=SITEST,dc=NET"
basedn="dc=tde002,dc=SITEST,dc=NET"
filter="(&(sAMAccountName=28tef003*)(objectclass=computer)) "

The same parameters within radiusd.conf give me, among other things, "Bind was successful":
...

rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to tde002.sitest.net:389, authentication 0
rlm_ldap: bind as testrad at TDE002.SITEST.NET/ to tde002.sitest.net:389
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
...
rlm_ldap: waiting for bind result ...
ldap_result msgid 1
......
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
ldap_read: message type bind msgid 1, original id 1
...
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
rlm_ldap: Bind was successful


So far, so good, but later I get:
.....
read1msg:  V2 referral chased, mark request completed, id = 3
new result:  res_errno: 1, res_error: <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
merged parent (id 2) error info:  result errno 1, error <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, matched <>
request 2 done
res_errno: 1, res_error: <00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece>, res_matched: <>
....
The complete output is lengthy and therefore not part of this mail.
It can be found at
http://www.wegener-net.de/fr together with radiusd.conf.

Any hint would be appreciated.
Norbert Wegener
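
Added example (not part of the original post and not FreeRADIUS code): a Python check for the first problem in this thread, where an ldapsearch-style attribute list was appended to the rlm_ldap filter value. The function names and the layout of the sample configuration are assumptions; the filter strings are the ones quoted in the post.

```python
import re

HEX = set("0123456789abcdefABCDEF")

# Constructed sample: the first filter from the post, laid out as a config block.
SAMPLE_CONF = '''
ldap ldap1 {
    basedn = "dc=TDE002,dc=SITEST,dc=NET"
    filter = "(&(sAMAccountName=28TEF003$)(objectclass=computer)) sAMAccountName userAccountControl"
}
'''

def split_filter(value):
    """Split a string into (filter, trailing_tokens).

    The filter is the first balanced parenthesised expression; anything
    after it is what ldapsearch would treat as attribute names and what
    makes the value unusable as a pure search filter.
    """
    s = value.strip()
    if not s.startswith("("):
        raise ValueError("filter must start with '('")
    depth, i = 0, 0
    while i < len(s):
        c = s[i]
        if c == "\\":
            # RFC 4515 escape: backslash followed by exactly two hex digits
            if len(s) < i + 3 or s[i + 1] not in HEX or s[i + 2] not in HEX:
                raise ValueError("bad escape at offset %d" % i)
            i += 3
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return s[:i + 1], s[i + 1:].split()
        i += 1
    raise ValueError("unbalanced parentheses")

def lint_conf(text):
    """Return [(filter, extra_tokens)] for every filter= line with trailing text."""
    findings = []
    # [^"]* also spans a value that a mail client wrapped onto a second line
    for m in re.finditer(r'^\s*filter\s*=\s*"([^"]*)"', text, re.MULTILINE):
        flt, extra = split_filter(m.group(1))
        if extra:
            findings.append((flt, extra))
    return findings

if __name__ == "__main__":
    for flt, extra in lint_conf(SAMPLE_CONF):
        print("filter:", flt, "| move out of filter:", " ".join(extra))
```

The second filter in the post, which ends in a space but carries no attribute names, passes this check.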







More information about the Freeradius-Users mailing list