LDAP search failed

Hatim CHIKHI hatim.networking at gmail.com
Thu Jul 2 11:31:20 CEST 2015


Hello,

I'm using FreeRADIUS version 2.1.12+dfsg-1.2.

I'm trying to get some parameters from an AD server but I have problems
with the search filter.

Here is my ldap configuration:

ldap {
        server = "myldapserver"
        basedn = "dc=ad,dc=domain,dc=fr"
        identity = "cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr"
        filter = "sAMAccountName==%{User-Name}"
        #base_filter = "(objectclass=sAMAccountName)"
        start_tls = no
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        #profile_attribute = "radiusFramedIPAddress"
        profile_attribute = "radiusprofile"
        access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 10
        timeout = 4
        timelimit = 5
        net_timeout = 1
        set_auth_type = yes
}



I'm not sure about the filter parameter.



Here are freeradius logs:


[ldap] performing user authorization for hatim
[ldap]  expand: sAMAccountName==%{User-Name} -> sAMAccountName==hatim
[ldap]  expand: dc=ad,dc=domain,dc=fr -> dc=ad,dc=domain,dc=fr
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to myldapserver:389, authentication 0
  [ldap] bind as cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr/ to myldapserver:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=ad,dc=domain,dc=fr, with filter sAMAccountName==hatim
  [ldap] ldap_search() failed: Operations error
[ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail



Can you help me please?

Thank you!
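
Added example, not part of the original post and not FreeRADIUS code: a small lint over the ldap {} block above that checks the search filter against the RFC 4515 string form, an identity set without a password (an unauthenticated simple bind in RFC 4513 terms), and binding without StartTLS. The function and finding names are made up for this sketch; the findings describe what is visible in the posted settings and do not establish which of them produced the "Operations error".

```python
import re

# Constructed sample: settings copied from the post, wrapped lines joined.
POSTED = '''
ldap {
        server = "myldapserver"
        basedn = "dc=ad,dc=domain,dc=fr"
        identity = "cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr"
        filter = "sAMAccountName==%{User-Name}"
        #base_filter = "(objectclass=sAMAccountName)"
        start_tls = no
}
'''

def parse_block(text):
    """Return {key: value} for the uncommented `key = value` lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'^([A-Za-z_]+)\s*=\s*"?(.*?)"?$', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def lint(settings):
    """Return finding names (hypothetical labels) for the parsed settings."""
    findings = []
    flt = settings.get("filter", "")
    # RFC 4515: a filter string is always "(" filtercomp ")".
    if not (flt.startswith("(") and flt.endswith(")")):
        findings.append("filter-not-parenthesized")
    # The first "=" ends the attribute name, so "a==b" asserts the value "=b".
    _, _, value = flt.strip("()").partition("=")
    if value.startswith("="):
        findings.append("filter-value-starts-with-equals")
    # RFC 4513 5.1.2: a bind DN with an empty password is an unauthenticated bind.
    if settings.get("identity") and not settings.get("password"):
        findings.append("identity-without-password")
    if settings.get("start_tls", "no") == "no":
        findings.append("no-starttls")
    return findings

def rfc4515_form(flt):
    """Parenthesize a bare simple filter and drop a doubled '=' (simple filters only)."""
    attr, _, value = flt.strip("()").partition("=")
    return "(%s=%s)" % (attr, value.lstrip("="))

if __name__ == "__main__":
    cfg = parse_block(POSTED)
    print(lint(cfg))
    print(rfc4515_form(cfg["filter"]))
```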

