dynamic expansion will not be dynamically expanded in ldap configuration

Angel L. Mateo amateo at um.es
Thu Apr 23 09:23:40 CEST 2015


On 23/04/15 at 08:39, Angel L. Mateo wrote:
> On 22/04/15 at 14:47, Arran Cudbard-Bell wrote:
>
>>> It shouldn't be a hard failure unless you're using v3.1.x.
>>>
>>> Make sure you're building from v3.0.x where it should just be a warning.
>>
>> Or I guess you were previously building from. I thought we'd made
>> this a non fatal error, due to the likelihood that places would be missed...
>>
>      I have built it from source v3.0.7.
>
>      My problem is that although it's a warning, my ldap configuration
> does not make any ldap search for groups.
>
	I have seen that 3.0.8 has already been released, so I have upgraded 
(in my test environment).

	Now I don't have the "dynamic expansion..." error, but the ldap module is 
still not searching for groups.

	In my ldap I have my users and groups with a posix schema. The primary 
group of the user is in the gidNumber attribute of the user. This group 
has a posixGroup entry in the ldap. In this entry there are memberUid 
attributes for the users belonging to the group (but this is not its 
primary group).

	So, in my ldap module configuration I have:

group {
	base_dn = '<my base dn>'
	filter = '(objectClass=posixGroup)'
	name_attribute = gidNumber
	membership_filter = 
"(|(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectClass=posixAccount))(&(objectClass=posixGroup)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))
	membership_attribute = 'uid'
}

	and in the site configuration:

authorize {
	preprocess
	suffix
	files
	ldap
	mschap
	pap
	expiration
}

	Then, in my users file I have something like:

DEFAULT	Realm == um.es, Ldap-Group == 1001, Auth-Type := Reject
	Reply-Message = "..."
	Fall-Through = No

DEFAULT	Realm == um.es
         Fall-Through = No

	but radius never makes any search to match the group of the users.

	Any idea?

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

