ldap configuration & the mysterious filter ="(uid=%u)"
Alan DeKok
aland at deployingradius.com
Tue Feb 9 20:09:21 CET 2016
On Feb 9, 2016, at 1:40 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> I've been searching for an answer this issue on a new install of freeradius
> on CentOS 7, installed from RPMs. As far as I can see, what I enter for the
> ldap filter is not being used by the server, but I'm hopeful I've missed
> some detail in the configuration.
It's not a new install. You have configuration left over from an old version of FreeRADIUS.
Or, you edited the configuration and broke it.
> Here' the key error in the output from radiusd -X.
>
> *(0) ERROR: ldap : (uid=%u)*
> *(0) ERROR: ldap : ^ Invalid variable expansion*
> *(0) ERROR: ldap : Unable to create filter*
That's old syntax. For v3, the default in mods-available/ldap is:
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
Please use the default configuration files.
Alan DeKok.
More information about the Freeradius-Users
mailing list