LDAP-group filter search is failing

joezamosc joezamosc at yahoo.com
Fri Apr 8 18:09:40 CEST 2011


Phil - I changed according to your suggestion.  Still getting the
"rlm_ldap::ldap_groupcmp: ldap_get_values() failed" error.

Alexander - you have a point - WANN is under OU - I've made an adjustment in
modules/ldap and changed groupname_attribute to ou "groupname_attribute =
ou"
But after running it - I still receive "rlm_ldap::ldap_groupcmp:
ldap_get_values() failed" error...

+- entering group post-auth {...}
  [ldap] Entering ldap_groupcmp()
[files]         expand: ou=Departments,dc=corp,dc=development,dc=com ->
ou=Departments,dc=corp,dc=development,dc=com
[files]         expand: (&(sAMAccountName=%{mschap:User-Name})) ->
(&(sAMAccountName=RobertTest1))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
with filter (&(sAMAccountName=RobertTest1))
  [ldap] ldap_release_conn: Release Id: 0
[files]         expand:
(&(objectClass=group)(member=%{control:Ldap-UserDn})) ->
(&(objectClass=group)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
with filter
(&(ou=WANN)(&(objectClass=group)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in
CN=RobertTest1,OU=WANN,OU=Departments,DC=corp,DC=development,DC=com, with
filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values() failed
  [ldap] ldap_release_conn: Release Id: 0
++[files] returns noop

Sending Access-Accept of id 224 to 192.168.100.2 port 1645
        User-Name = "DEVELOPMENT\\RobertTest1"
        MS-MPPE-Recv-Key =
0x8c2d74933e7870173463e1855e01e93bf9e67a837387801d85c5b9e307b0d08f
        MS-MPPE-Send-Key =
0x677459a0d6a7498398e7d7083e9ab49d33be9d812e6a3117569cdf126f9b385c
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.



And after running ldapsearch -h server -x -b dc=corp,dc=development,dc=com
ou=wann dn member  
I get...

# extended LDIF
#
# LDAPv3
# base <DC=corp,DC=development,DC=com> with scope subtree
# filter: ou=wann
# requesting: ALL
#

# WANN, Departments, corp.development.com
dn: OU=WANN,OU=Departments,DC=corp,DC=development,DC=com
objectClass: top
objectClass: organizationalUnit
ou: WANN
distinguishedName: OU=WANN,OU=Departments,DC=corp,DC=development,DC=com
instanceType: 4
whenCreated: 20110405164142.0Z
whenChanged: 20110405164142.0Z
uSNCreated: 10913685
uSNChanged: 10913685
name: WANN
objectGUID:: Eqi2LbFChke1MJ1VS9a4GA==
objectCategory:
CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=corp,DC=d
evelopment,DC=com

# search reference
ref:
ldap://ForestDnsZones.corp.development.com/DC=ForestDnsZones,DC=corp,DC=development,DC=com

# search reference
ref:
ldap://DomainDnsZones.corp.development.com/DC=DomainDnsZones,DC=corp,DC=development,DC=com

# search reference
ref:
ldap://corp.development.com/CN=Configuration,DC=corp,DC=development,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3
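
Added example, not part of the original post and not FreeRADIUS code: a small Python evaluator that applies the group filter from the debug output to the one entry the ldapsearch run returned for ou=wann, and lists the assertions that entry fails. The group object WANN-Users and the cn variant of the filter are constructed for contrast and are assumptions, not values from the post.

```python
import re

def parse(f, i=0):
    """Parse an RFC 4515 subset: (&...), (|...), (!...), (attr=value)."""
    i += 1  # step over "("
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over ")"
    end = f.index(")", i)
    attr, _, val = f[i:end].partition("=")
    # Undo \XX hex escapes as seen in the log (\3d is "=", \2c is ",")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def leaves(node):
    return [node] if node[0] == "=" else [l for k in node[1] for l in leaves(k)]

def matches(node, entry):
    """Case-insensitive equality match of a parsed filter against one entry."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    op, results = node[0], [matches(k, entry) for k in node[1]]
    return all(results) if op == "&" else any(results) if op == "|" else not results[0]

def failed_assertions(flt, entry):
    """Leaf assertions of the filter that the entry does not satisfy."""
    return [f"{a}={v}" for _, a, v in leaves(parse(flt)[0]) if v not in entry.get(a, [])]

def ldif_entry(text):
    """Turn 'attr: value' lines into {attr: [values]}, lowercased."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, val = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(val.strip().lower())
    return entry

USER_DN = "CN=RobertTest1,OU=WANN,OU=Departments,DC=corp,DC=development,DC=com"
ESCAPED = USER_DN.replace("=", r"\3d").replace(",", r"\2c")
# Filter as expanded in the debug log (groupname_attribute = ou)
LOGGED = "(&(ou=WANN)(&(objectClass=group)(member=" + ESCAPED + ")))"
# The one entry ldapsearch returned for ou=wann (attributes copied from the post)
OU_WANN = ldif_entry("objectClass: top\nobjectClass: organizationalUnit\nou: WANN\nname: WANN")
# Constructed group object (hypothetical name WANN-Users) listing the user as member
GROUP = ldif_entry("cn: WANN-Users\nobjectClass: group\nmember: " + USER_DN)

print(failed_assertions(LOGGED, OU_WANN))
print(matches(parse(LOGGED.replace("ou=WANN", "cn=WANN-Users"))[0], GROUP))
```

The first line printed names the objectClass=group and member=... assertions as the ones the OU entry does not satisfy; the second shows the same filter shape matching the constructed group object.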


