LDAP-UserDn not populated? (Was: Re: Radius, LDAP and Openvpn)
Andres Septer
andres.septer at gmail.com
Fri Nov 1 15:21:38 CET 2013
Thank you for answer, but I started messing with default configuration
because this did not return any search results either.
This is what my original configuration looked like
<------># Group membership checking. Disabled by default.
<------>#
<------># groupname_attribute = cn
<------># groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
I used original conf to generate a debug log for this.
And YES, the adding "control:" helped. So basically it's a package bug. I
will inform Suse freeradius package maintainer.
Thank you, again.
Andres
2013/11/1 Phil Mayers <p.mayers at imperial.ac.uk>
> On 01/11/13 13:11, Andres Septer wrote:
>
>> Logs
>> LDAP search fail, because LDAP-UserDN empty
>>
>
> This is:
>
> a. Not a debug with "radiusd -X", and
> b. Not a complete debug.
>
> ...but never mind. I can see your problem:
>
> (|(&(objectClass=GroupOfNames)**(member=%{Ldap-UserDn}))
>>
>
> ...you have edited the default config and broken it. Go back to the
> default config and look carefully at what it says - you'll note it's:
>
> control:Ldap-UserDn
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131101/45d02ebf/attachment.html>
More information about the Freeradius-Users
mailing list