ldap configuration & the mysterious filter ="(uid=%u)"

Walter Moore moorewr at eckerd.edu
Tue Feb 9 20:43:59 CET 2016


Mr. DeKok,

On this new install of freeradius I used the ldap config suggested by this
page:
http://wiki.freeradius.org/modules/rlm_ldap

Note that on this page, as in my prior config, the listed entry for filter
is  *filter = "(uid=%{%{Stripped-User-Name}:**-%{User-Name}})"*

I erased that an made a copy of mods-available/ldap and no longer have the
issue with the incorrect filter in radiusd -X output.

There seem to be some problems with this page, and some general gaps in
documentation for enabling modules.. for example this search returns no
results.
http://wiki.freeradius.org/search?q=enable+module




On Tue, Feb 9, 2016 at 2:09 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Feb 9, 2016, at 1:40 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> > I've been searching for an answer this issue on a new install of
> freeradius
> > on CentOS 7, installed from RPMs. As far as I can see, what I enter for
> the
> > ldap filter is not being used by the server, but I'm hopeful I've missed
> > some detail in the configuration.
>
>   It's not a new install.  You have configuration left over from an old
> version of FreeRADIUS.
>
>   Or, you edited the configuration and broke it.
>
> > Here' the key error in the output from radiusd -X.
> >
> > *(0) ERROR: ldap : (uid=%u)*
> > *(0) ERROR: ldap :       ^ Invalid variable expansion*
> > *(0)  ERROR: ldap : Unable to create filter*
>
>   That's old syntax.  For v3, the default in mods-available/ldap is:
>
>         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
>   Please use the default configuration files.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html




-- 
+-----------------------------------------------------------------+
Walter R. Moore --  Sr. Systems Administrator, Eckerd College
moorewr at eckerd.edu --  http://home.eckerd.edu/~moorewr

"It was glorious to see -- if your heart were iron,
And you could keep from grieving at all the pain" - The Iliad (13.355)

I'm on twitter: http://twitter.com/moorewreckerd

***Reminder! ITS will never ask you to e-mail your password!***


More information about the Freeradius-Users mailing list