rlm_ldap and large AD structure issue

Capelle, Mark (PCMC-GB) Mark.Capelle at pcmc.com
Fri Feb 22 18:29:28 CET 2008


I have an issue since pointing FR to a point higher in my AD tree (which
will return more objects).  I get the following error in my FR logs when
I try to authenticate a user:

Fri Feb 22 10:37:14 2008 : Error: rlm_ldap: ldap_search() failed:
Operations error

If I point the LDAP module deeper down my AD structure everything works
fine.  At first I thought it was due to the number of results that AD
returns when queried via LDAP, but I modified this and now it returns
everything via an ldapsearch.  If I run an ldapsearch against my AD tree
using "sAMAccountName = <username>", the correct account info is
returned immediately, so it does not necessarily appear to be an
ldapsearch issue but rather an issue with the way rlm_ldap uses it.
PEAP via ntlm_auth does not have any issue with the tree size either.

Has anyone else encountered this and found a solution?  I am fighting
like hell to not install the corporate standard Cisco ACS box at my
site, but if I can't manage to get this working I may have to finally
cave :-(.

Regards,

 Mark Capelle
