ldap configuration & the mysterious filter ="(uid=%u)"

Alan DeKok aland at deployingradius.com
Tue Feb 9 21:13:32 CET 2016


On Feb 9, 2016, at 2:43 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> On this new install of freeradius I used the ldap config suggested by this
> page:
> http://wiki.freeradius.org/modules/rlm_ldap

  That's for version 2.  I'll edit it to make that more clear.

  But in general, it's *really* not a good idea to just blow away the entire configuration, and replace it with an example from the documentation.

  The point of the example configuration file is for you to *read it*, and make *minor changes*.  See "man radiusd" for instructions.

  Destroying the configuration is just... unhelpful.

> Note that on this page, as in my prior config, the listed entry for filter
> is *filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"*

  And that's what you should have used.  It should also be a hint that running the *default* configuration works, and running a *butchered* configuration doesn't work.

> There seem to be some problems with this page, and some general gaps in
> documentation for enabling modules.. for example this search returns no
> results.
> http://wiki.freeradius.org/search?q=enable+module

  Feel free to make suggestions.

  But if you read raddb/mods-available/README.rst, you'll see that this *is* documented.

  The main problem with most of the documentation is that people look everywhere else... but not where the documentation is located.

  Alan DeKok.



