[3.0.4] LDAP issues

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Sep 11 14:45:59 CEST 2014 

On 11 Sep 2014, at 03:01, Hachmer, Tobias <Tobias.Hachmer at stadt-frankfurt.de> wrote:

> Hello list,
> 
> thanks for version 3.0.4. On our test system here I encountered the following issues regarding the ldap module:
> 
> 1. 
> rlm_ldap: Falling back to build time libldap version info.  Query for LDAP_OPT_API_INFO returned: -1
> rlm_ldap: libldap vendor: OpenLDAP version: 20423
> 
> Is this an error/warning/info? Should I act on this?

You should tell the libldap guys to implement LDAP_OPT_API_INFO.

I'll switch it to a debug message.

> 
> 2. lots of:
> (0)  ERROR: ldap : Failed tokenising attribute string: Expecting operator
> (0)  WARNING: ldap : Failed parsing 'radiusAttribute' value "reply:Xylan-Access-Priv += Xylan-Read-Priv" as valuepair, skipping...
> 
> What have changed regarding generic radiusAttribute in ldap?

Nothing interesting. I wonder if something changed in the tokeniser.

	/*
	 *	Retrieve any valuepair attributes from the result, these are generic values specifying
	 *	a radius list, operator and value.
	 */
	if (inst->valuepair_attr) {
		char 		**values;
		int		count, i;

		values = ldap_get_values(handle, entry, inst->valuepair_attr);
		count = ldap_count_values(values);

		for (i = 0; i < count; i++) {
			value_pair_map_t *attr;

			RDEBUG3("Parsing attribute string '%s'", values[i]);
			if (map_from_vp_str(&attr, request, values[i],
					    REQUEST_CURRENT, PAIR_LIST_REPLY,
					    REQUEST_CURRENT, PAIR_LIST_REQUEST) < 0) {
				RWDEBUG("Failed parsing '%s' value \"%s\" as valuepair, skipping...",
					inst->valuepair_attr, values[i]);
				continue;
			}
			if (map_to_request(request, attr, map_to_vp, NULL) < 0) {
				RWDEBUG("Failed adding \"%s\" to request, skipping...", values[i]);
			}
			talloc_free(attr);
		}

		ldap_value_free(values);
	}

The fact that the debug output shows valid values, probably means it's 
not the LDAP code. I'll have a look at it later.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140911/039bbaa7/attachment.pgp>

More information about the Freeradius-Users mailing list