freeradius+ldap: Invalid DN syntax

ziko emobuxuti at yahoo.com
Sat Apr 2 19:29:30 CEST 2011


Hello. 
I am using FreeRADIUS 2 with OpenLDAP 2.3.43 on my CentOS 5.

My OpenLDAP works great without FreeRADIUS, and FreeRADIUS works without LDAP.

But I can't connect LDAP and FreeRADIUS.

my ldapsearch output:

ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my-domain.com
dn: dc=my-domain,dc=com
objectClass: organization
objectClass: dcObject
dc: my-domain
o: my-domain

# People, my-domain.com
dn: ou=People,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: People

# group, my-domain.com
dn: ou=group,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: group

# machines, my-domain.com
dn: ou=machines,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: machines

# office, group, my-domain.com
dn: cn=office,ou=group,dc=my-domain,dc=com
objectClass: posixGroup
description: office group
gidNumber: 10000
cn: office

# gchkhetiani, People, my-domain.com
dn: uid=gchkhetiani,ou=People,dc=my-domain,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/gchkhetiani
loginShell: /bin/bash
uid: gchkhetiani
cn:: 4YOS4YOY4YOd4YOg4YOS4YOYIOGDqeGDruGDlOGDouGDmOGDkOGDnOGDmA==
uidNumber: 10000
gidNumber: 10000
sn:: 4YOp4YOu4YOU4YOi4YOY4YOQ4YOc4YOY
givenName:: 4YOS4YOY4YOd4YOg4YOS4YOY

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6







my /etc/raddb/modules/ldap:

ldap {
        #
        #  Note that this needs to match the name in the LDAP
        #  server certificate, if you're using ldaps.
        server = "server2.******.ge"
        identity = "cn=Manager,dc=my-domain,dc=com"
        password = ******
        basedn = "dn=my-domain,dn=com"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"



radtest command:
radtest gchkhetiani ****  localhost 2 testing123


radiusd -X output:

[ldap] performing user authorization for gchkhetiani
[ldap]     expand: %{Stripped-User-Name} -> 
[ldap]     expand: %{User-Name} -> gchkhetiani
[ldap]     expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=gchkhetiani)
[ldap]     expand: dn=my-domain,dn=com -> dn=my-domain,dn=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to server2.******.ge:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=my-domain,dc=com/****** to server2.******.ge:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dn=my-domain,dn=com, with filter (uid=gchkhetiani)
rlm_ldap: ldap_search() failed: Invalid DN syntax
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [gchkhetiani/svani] (from client localhost port 2)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> gchkhetiani
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 218 to 127.0.0.1 port 35291


There is an "rlm_ldap: ldap_search() failed: Invalid DN syntax" error. How can I fix it?
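
A pre-flight check for the two values shown in the post above, as an added example that is not part of the original message: the ldapsearch output reports its base as dc=my-domain,dc=com, while the module configuration sets basedn to dn=my-domain,dn=com, and the script below compares a configured base DN against the DNs the directory actually returned. The function names and the embedded sample strings are assumptions, constructed from values in the post; DN parsing is simplified (no multi-valued RDNs, no base64 "dn::" lines).

```python
import re

# Constructed inputs: values copied from the module config and ldapsearch output in the post.
MODULE_CONF = """
ldap {
        identity = "cn=Manager,dc=my-domain,dc=com"
        basedn = "dn=my-domain,dn=com"
}
"""
LDIF = """
dn: dc=my-domain,dc=com
dn: ou=People,dc=my-domain,dc=com
dn: uid=gchkhetiani,ou=People,dc=my-domain,dc=com
"""

def conf_value(conf, key):
    """Return the value assigned to `key` in a FreeRADIUS-style config block, or None."""
    m = re.search(r'^\s*' + re.escape(key) + r'\s*=\s*"?([^"\n]*)"?', conf, re.M)
    return m.group(1).strip() if m else None

def split_dn(dn):
    """Split a DN into lowercase (type, value) pairs, one per RDN."""
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):  # split on commas that are not escaped
        attr, sep, value = rdn.partition('=')
        if not sep or not attr.strip():
            raise ValueError(f"RDN without attribute type: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def check_basedn(basedn, ldif):
    """Compare a configured base DN with the entry DNs in an LDIF dump.
    Returns (ok, unknown_types, suggestion)."""
    entries = [l[4:].strip() for l in ldif.splitlines() if l.startswith('dn: ')]
    parsed = {e: split_dn(e) for e in entries}
    base = split_dn(basedn)
    # ok: the base DN is the suffix of at least one DN the directory returned
    ok = any(p[-len(base):] == base for p in parsed.values())
    seen_types = {t for p in parsed.values() for t, _ in p}
    unknown = sorted({t for t, _ in base} - seen_types)
    # Suggest an entry whose RDN values match but whose attribute types differ
    values = [v for _, v in base]
    suggestion = next((e for e, p in parsed.items()
                       if [v for _, v in p] == values and p != base), None)
    return ok, unknown, suggestion

if __name__ == "__main__":
    print(check_basedn(conf_value(MODULE_CONF, "basedn"), LDIF))
```
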