LDAP Module : basedn empty -> error

Dominique Fournier dominique.fournier at grenoble.cnrs.fr
Fri Nov 29 18:31:47 CET 2013


Hi

I just tried with a space in it and it doesn't work.
I have the logs:
[ldap-inner-tunnel] performing user authorization for richard.heral
[ldap-inner-tunnel] 	expand: (mail=%{User-Name}) -> (mail=XXXX.fr)
[ldap-inner-tunnel] 	expand:   ->
   [ldap-inner-tunnel] ldap_get_conn: Checking Id: 0
   [ldap-inner-tunnel] ldap_get_conn: Got Id: 0
   [ldap-inner-tunnel] attempting LDAP reconnection
   [ldap-inner-tunnel] (re)connect to ldaps://XXXXXfr:636, authentication 0
   [ldap-inner-tunnel] bind as uid=XXXXX=fr/YYYY to ldaps://XXXXX.fr:636
   [ldap-inner-tunnel] waiting for bind result ...
   [ldap-inner-tunnel] Bind was successful
   [ldap-inner-tunnel] performing search in  , with filter (mail=XXXX.fr)
   [ldap-inner-tunnel] ldap_search() failed: Invalid DN syntax
[ldap-inner-tunnel] search failed
   [ldap-inner-tunnel] ldap_release_conn: Release Id: 0
++[ldap-inner-tunnel] returns fail

So there is no solution for me... except to go to FreeRADIUS 3.

Do you think a patch can be processed to the 2.x branch without changing everything?

Thanks a lot

Dom

Thanks for your ans

On 29/11/2013 16:58, Arran Cudbard-Bell wrote:
>
> On 29 Nov 2013, at 15:39, Dominique Fournier <dominique.fournier at grenoble.cnrs.fr> wrote:
>
>> Hi
>>
>> I am trying to connect my FreeRADIUS to a multi-domain Zimbra LDAP server. In Zimbra, the LDAP tree is something like:
>> "ou=people,dc=domain,dc=tld".
>>
>> I have some domains in ".fr" and some other in ".org".
>>
>> If I configure with basedn = "dc=fr", FreeRADIUS works well for all the domains in ".fr". But if I try to allow all my domains (with basedn=""), FreeRADIUS refuses to authenticate the users.
>>
>> In the logs, when there is a reject, I can see:
>> [ldap-inner-tunnel] performing user authorization for XXXXX
>> [ldap-inner-tunnel] 	expand: (mail=%{User-Name}) -> (mail=XXXXX.fr)
>> [ldap-inner-tunnel] 	expand:  ->
>>   [ldap-inner-tunnel] unable to create basedn.
>> ++[ldap-inner-tunnel] returns invalid
>> Invalid user: [XXXXX.fr] (from client localhost port 0 via TLS tunnel)
>>
>>
>> I found a topic in the list http://freeradius.1045715.n5.nabble.com/Sending-null-BaseDN-td5716006.html in 2012, but there is no solution.
>>
>> I am on Debian stable with FreeRADIUS 2.1.12
>
> It was precisely for this reason that in version 3 a distinction was made between the failure case of xlats and the case where the expansion was a zero-length string.
>
> It should work fine in 3.0.0, 3.0.x or master; there is no solution for that version unless
> you can insert some chars into the base_dn that the LDAP server will ignore. You could try a bit of whitespace?
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
>
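The thread's diagnosis, as an added illustration that is not FreeRADIUS code: a constructed model of how rlm_ldap derives the search base from the basedn template, contrasting the 2.x behaviour (empty expansion conflated with xlat failure, hence "unable to create basedn") with the 3.x behaviour Arran describes, plus a minimal RFC 4514 syntax check showing why the whitespace workaround produces "Invalid DN syntax" while an empty base DN is itself well-formed. The attribute names and the xlat grammar are simplified assumptions.

```python
import re

# Constructed model of rlm_ldap base DN handling; not FreeRADIUS source.
# xlat references are limited to %{Attribute-Name} for the example.

class XlatError(Exception):
    """Raised when an %{Attribute} reference cannot be expanded (assumed)."""

_REF = re.compile(r"%\{([A-Za-z0-9-]+)\}")

def xlat(template, attrs):
    """Expand %{Attr} references from a dict of request attributes.
    An unknown attribute is an expansion failure (raises); a known
    attribute with an empty value expands to a zero-length string."""
    def repl(m):
        name = m.group(1)
        if name not in attrs:
            raise XlatError(f"unknown attribute {name}")
        return attrs[name]
    return _REF.sub(repl, template)

def basedn_v2(template, attrs):
    """2.x model: a zero-length result is indistinguishable from a failed
    expansion, so both yield None ('unable to create basedn')."""
    try:
        result = xlat(template, attrs)
    except XlatError:
        return None
    return result if result else None

def basedn_v3(template, attrs):
    """3.x model: only a failed expansion yields None; an empty string is
    passed through as a legitimate base DN (search from the root)."""
    try:
        return xlat(template, attrs)
    except XlatError:
        return None

# One RDN: attribute type (descriptor or dotted OID) '=' non-empty value.
_RDN = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=[^,+]+$")

def is_valid_dn(dn):
    """Minimal RFC 4514 check: '' is the root DN and valid; otherwise
    every comma-separated RDN must be type=value. A whitespace-only
    string (the workaround tried in the thread) is not a valid DN."""
    if dn == "":
        return True
    return all(_RDN.match(rdn.strip()) for rdn in dn.split(","))
```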

