Expanding run-time variables and checking access_attr for allow

tnt at kalik.net
Thu Nov 19 18:34:02 CET 2009


>> > If I put, ONLY FOR CHECK, the base_filter =
>> > "(uniquemember=cn=nicolas.velazquez at uam.es,cn=users,dc=uam,dc=es)"
>> > the LDAP replies with No Such Object. But the radius authorization sends ok.
>> > The misconfiguration of LDAP is not the question here.
>> > The question here is: documentation says if the parameter does not exist,
>> > the authorization doesn't work.
>>
>> It exists so it does work:
>
> Is FR using the matchedDN parameter?
> I used "cn" as access_attr.
> It could be an explanation, and then I must build a better access_attr.

I don't know anything about ldap. Debug shows that freeradius found access
attribute for that uid. I have no idea how, but it did.

> And the initial question about the expansion of run-time variables?
> Is the non-expansion of the base_filter the normal way of operation?

Yes, base_filter doesn't expand. I don't think that base_dn expands
either. uid is the only one that's dynamic there.

Ivan Kalik



