LDAP groups and profiles

Chris Taylor Chris.Taylor at corp.eastlink.ca
Thu Feb 7 15:51:10 CET 2013



> I added this to the users file
>
> DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile
>
> But I get this error when I fire up radius -X
>
>
> /etc/raddb/users[222]: Parse error (check) for entry DEFAULT: 
> expecting operator Errors reading /etc/raddb/users

Wild guess, but you might try a simpler module name e.g. "ldap2" instead of "ldap2.some.dots-and.hyphens".


Phil, I gave that a try but ended up with the same result.

Chris

I was able to get this working by adding that ldap instance to the instantiate section of radius.conf. I can do a query successfully from LDAP now and pull the group info, but during the query I am seeing first a failed query, then a successful query. How could I go about fixing this? I believe it's the groupmembership_filter settings, but I left them at the default values, which seems to be the consensus on the mailing list.


############ radius -X output  #########

  [REALM1] Entering ldap_groupcmp()
[files]         expand: ou=radius,o=realm1.ca,dc=company,dc=ca -> ou=radius,o=realm1.ca,dc=company,dc=ca
[files]         expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
  [REALM1] ldap_get_conn: Checking Id: 0
  [REALM1] ldap_get_conn: Got Id: 0
  [REALM1] performing search in ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (&(cn=residential_profile)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
  [REALM1] object not found
  [REALM1] ldap_release_conn: Release Id: 0
  [REALM1] ldap_get_conn: Checking Id: 0
  [REALM1] ldap_get_conn: Got Id: 0
  [REALM1] performing search in uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group residential_profile
  [REALM1] ldap_release_conn: Release Id: 0

###################################

### Group section of LDAP module  #####

groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
groupmembership_attribute = radiusGroupName

#########################################

##### LDAP entry for an account I am querying against ######
dn: uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca
uid: 112boy
userPassword: XXXX
objectClass:top
objectClass: posixAccount
objectClass: radiusProfile
uidNumber: 1100
gidNumber:1100
radiusSimultaneousUse: 099
radiusAuthType: PAP
homeDirectory: //
radiusGroupName: residential_profile
cn: TRUE

###########################################

I do get a successful query; I would just like to figure out how to get it to resolve on the first attempt.

Thanks,

Chris
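The debug output above shows why the first search cannot match: %{Ldap-UserDn} expands to nothing, so the filter sent to the server contains empty member= and uniquemember= assertions, and only the second lookup (the user's own entry, checked against groupmembership_attribute) succeeds. The following is an added, constructed model of that two-stage check, not rlm_ldap's code; the filter template and user entry are taken from the post, while GROUP_ENTRIES is an assumed group object used only to show the first stage succeeding once the DN is known.

```python
import re

# Values copied from the post's module config and LDAP entry.
FILTER_TEMPLATE = ("(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
                   "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))")
GROUPMEMBERSHIP_ATTRIBUTE = "radiusGroupName"
USER_ENTRY = {
    "dn": "uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca",
    "uid": ["112boy"],
    "objectClass": ["top", "posixAccount", "radiusProfile"],
    "radiusGroupName": ["residential_profile"],
}
# Constructed group object (assumption, not from the post) for stage 1.
GROUP_ENTRIES = [
    {"cn": ["residential_profile"], "objectClass": ["GroupOfNames"],
     "member": ["uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca"]},
]


def expand(template, attrs):
    """Expand %{Attr} references as the debug log shows: a request attribute
    that is not set expands to the empty string."""
    return re.sub(r"%\{([^}]+)\}", lambda m: attrs.get(m.group(1), ""), template)


def empty_assertions(ldap_filter):
    """Names of (attr=) assertions that ended up with no value."""
    return re.findall(r"\((\w+)=\)", ldap_filter)


def group_check(group, request_attrs, user_entry):
    """Model of the two lookups in the log. Returns (found, stage, filter)."""
    ldap_filter = "(&(cn=%s)%s)" % (group, expand(FILTER_TEMPLATE, request_attrs))
    user_dn = request_attrs.get("Ldap-UserDn", "")
    if not empty_assertions(ldap_filter):
        # Stage 1: search for a group object that lists the user's DN.
        for g in GROUP_ENTRIES:
            members = g.get("member", []) + g.get("uniquemember", [])
            if group in g["cn"] and user_dn in members:
                return True, "group-object-search", ldap_filter
    # Stage 1 found nothing (the log's "object not found"); stage 2 reads the
    # user's own entry and looks for the group in groupmembership_attribute.
    found = group in user_entry.get(GROUPMEMBERSHIP_ATTRIBUTE, [])
    return found, "groupmembership_attribute", ldap_filter


if __name__ == "__main__":
    print(group_check("residential_profile", {}, USER_ENTRY))
    print(group_check("residential_profile", {"Ldap-UserDn": USER_ENTRY["dn"]}, USER_ENTRY))
```

Run without Ldap-UserDn the model produces exactly the filter string from the debug output and only succeeds at stage 2; with the DN set, the group-object search succeeds first.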


-----Original Message-----
From: freeradius-users-bounces+chris.taylor=corp.eastlink.ca at lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink.ca at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Tuesday, February 05, 2013 11:23 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: LDAP groups and profiles

On 05/02/13 15:50, Chris Taylor wrote:

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html