LDAP-group filter search is failing

Phil Mayers p.mayers at imperial.ac.uk
Fri Apr 8 09:46:07 CEST 2011


On 04/07/2011 10:06 PM, joezamosc wrote:
> 2.1.10
>
> Here's a snippet of freeradius -X...
>
> +- entering group post-auth {...}
>    [ldap] Entering ldap_groupcmp()
> [files]         expand: ou=Departments,dc=corp,dc=development,dc=com ->
> ou=Departments,dc=corp,dc=development,dc=com
> [files]         expand: (&(sAMAccountName=%{mschap:User-Name})) ->
> (&(sAMAccountName=RobertTest1))
>    [ldap] ldap_get_conn: Checking Id: 0
>    [ldap] ldap_get_conn: Got Id: 0
>    [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
> with filter (&(sAMAccountName=RobertTest1))
>    [ldap] ldap_release_conn: Release Id: 0
> [files]         expand:
> (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
> ->

You are using Active Directory, and this LDAP filter is invalid.

You want:

(&(objectClass=group)(member=%{control:Ldap-UserDn}))
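
Added example, not part of the original post: where the filter from the reply goes in a FreeRADIUS 2.x `ldap` module instance, with the filter from the debug output left as a comment for comparison. It assumes the group filter is set through rlm_ldap's `groupmembership_filter` option and that group names are matched on `cn`; the base DN and user filter are copied from the debug output above, and all other settings of the instance are omitted.

```conf
# rlm_ldap module instance (FreeRADIUS 2.x). Only the settings relevant to
# the group lookup are shown; server, identity, password etc. stay as they are.
ldap {
	# User lookup, as seen in the debug output above.
	basedn = "ou=Departments,dc=corp,dc=development,dc=com"
	filter = "(&(sAMAccountName=%{mschap:User-Name}))"

	# Before: the group filter expanded in the debug output. It matches
	# GroupOfNames / GroupOfUniqueNames entries, not Active Directory groups.
	#groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"

	# After: the filter given in the reply. Active Directory group objects
	# have objectClass "group" and list members by DN in "member".
	# Assumption: groups are compared by their cn.
	groupname_attribute = cn
	groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
}
```

After restarting the server, the `[files] expand:` line that follows `Entering ldap_groupcmp()` in `freeradius -X` output should show the new filter with the user's DN substituted for `%{control:Ldap-UserDn}`.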



