LDAP search problem

Alan DeKok aland at deployingradius.com
Fri Jul 23 11:28:10 CEST 2010


Wayne Van der Merwe wrote:
> I have FreeRADIUS 2.1.1 set up on SUS server 10.1
> 
> We are wanting to do an LDAP connection to a Novell eDirectory server for
> our users.
> 
> From the debug output, the LDAP session bound correctly.
> The search part failed.
> 
> I would like to know: did the RADIUS server send out the login name as
> uid=53986067, as indicated below?
> rlm_ldap: performing search in
> ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (uid=53986067)

  Because:

1) the Access-Request contains "53986067" as the User-Name
2) the ldap module is configured to use "uid=%{User-Name}"

  This is all shown in the debug output.

> When I do an ldapsearch -h 10.219.176.30 -b
> ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x "uid=53986067"
> I get no results.
> 
> If I use -x "cn=53986067" the user is found.

  So... edit the ldap module configuration to use "cn=%{User-Name}"
instead of "uid".   There's a reason the configuration files are text:
they can be edited.

  Alan DeKok.
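
The change described in the reply, written out as an added example (not part of the original message, and not the poster's actual file). The server address, base DN and User-Name come from the thread; the file location and the omitted settings are assumptions.

```conf
# Added example. Fragment of the ldap module configuration
# (raddb/modules/ldap in a default 2.1.x layout: assumption).
ldap {
	# Server and base DN as shown in the ldapsearch command and debug output.
	server = "10.219.176.30"
	basedn = "ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC"

	# Before: expands to (uid=53986067), which matches no entry in this tree.
	# filter = "(uid=%{User-Name})"

	# After: expands to (cn=53986067), the attribute ldapsearch found the user by.
	filter = "(cn=%{User-Name})"

	# identity, password and all other settings stay as already configured.
}
```

After restarting the server in debug mode (`radiusd -X`), the rlm_ldap line should read `with filter (cn=53986067)`.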
