LDAP search failed

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Jul 2 17:51:04 CEST 2015 

> On 2 Jul 2015, at 11:46, Hatim CHIKHI <hatim.networking at gmail.com> wrote:
> 
> Now, when I add password = "****" to the ldap config I get this error
> instead:
> 
>  [ldap] waiting for bind result ...
>  [ldap] Bind was successful
>  [ldap] performing search in dc=ad,dc=domain,dc=fr, with filter
> sAMAccountName=hatim
>  [ldap] ldap_search() failed: Timed out while waiting for server to
> respond. Please increase the timeout.
>  [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] = fail

Likely hopping around the AD forrest and timing out.

Use ldapsearch to repeat the search and check the results.

If it times out as well then that's your issue. Fix AD.

If not, then compare the wireshark captures to see what's different between the two searches.

If you think rlm_ldap is doing something wrong, upgrade to v3.0.8, and state what you think it should do different.

-Arran


> 
> I increased the timeout but in vain!!
> 
> 2015-07-02 17:29 GMT+02:00 Hatim CHIKHI <hatim.networking at gmail.com>:
> 
>> Thanks guys for your reply.
>> 
>> I upgraded to freeradius 2.2.7 but I still have the same problem.
>> 
>> If it is not a version issue, what whould be the cause of the problem?
>> 
>> 
>> 2015-07-02 13:07 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
>> 
>>> On Jul 2, 2015, at 5:31 AM, Hatim CHIKHI <hatim.networking at gmail.com>
>>> wrote:
>>>> I'm using freeRaduis version 2.1.12+dfsg-1.2.
>>> 
>>>  You should upgrade.
>>> 
>>>> I'm trying to get some parameters from an AD server but I have problems
>>>> with the search filter.
>>>> ...
>>>> [ldap] ldap_search() failed: Operations error
>>> 
>>>  This is fixed (and documented) in later versions of the server.
>>> Install 2.2.7.
>>> 
>>>  Alan DeKok.
>>> 
>>> 
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>> 
>> 
>> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150702/2ae01150/attachment.sig>

More information about the Freeradius-Users mailing list