ldap configuration & the mysterious filter ="(uid=%u)"

Matthew Newton mcn4 at leicester.ac.uk
Tue Feb 9 22:58:38 CET 2016


Just to clear up why it worked after replacing the broken
configuration with the working one...

On Tue, Feb 09, 2016 at 01:40:00PM -0500, Walter Moore wrote:
> /etc/raddb/mods-enables/ldap:
> [...]
>     ldap {
>         server = "ldap.eckerd.edu"
>         identity = "cn=directory manager"
>         password = *********
>         basedn = "dc=eckerd,dc=edu"
> *        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"*

This is old v2 config: filter= is directly in the ldap{} section,
not in the user{} sub-section.

> LDAP output from radiusd -X
>   ldap {
>         server = "ldap.eckerd.edu"
>         port = 389
>         password = <<< secret >>>
>         identity = "cn=directory manager"

This:

>    user {
> *        filter = "(uid=%u)"*

... is in the user{} subsection.


On Tue, Feb 09, 2016 at 02:09:21PM -0500, Alan DeKok wrote:
>   It's not a new install.  You have configuration left over from an old version of FreeRADIUS.

Exactly.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
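
A small checker for the situation described in this message, as an added example that is not part of the original post or of FreeRADIUS: it walks a module file's nested sections and reports any `filter` set directly in ldap{} rather than in the user{} sub-section. The sample configs are constructed and the function names are hypothetical.

```python
import re

# Constructed samples of the two layouts contrasted in the thread (placeholder values).
V2_STYLE = '''
ldap {
    server = "ldap.example.org"
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
'''
V3_STYLE = '''
ldap {
    server = "ldap.example.org"
    user {
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
}
'''
SECTION_OPEN = re.compile(r'^([\w-]+)(?:\s+[\w-]+)?\s*\{$')   # "ldap {" or "ldap name {"
ASSIGN = re.compile(r'^([\w-]+)\s*=\s*(.*)$')

def strip_comment(line):
    """Drop a trailing '#' comment unless the '#' sits inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != '\\'):
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def find_filters(text):
    """Return (section_path, line_number, value) for every 'filter =' item."""
    stack, found = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw).strip()
        opened = SECTION_OPEN.match(line)
        item = ASSIGN.match(line)
        if opened:
            stack.append(opened.group(1))
        elif line == '}' and stack:
            stack.pop()
        elif item and item.group(1) == 'filter':
            found.append(('/'.join(stack), number, item.group(2).strip()))
    return found

def misplaced_filters(text):
    """Filters set directly in ldap{} (the v2 layout) instead of ldap{ user{} }."""
    return [hit for hit in find_filters(text) if hit[0] == 'ldap']

if __name__ == '__main__':
    for label, config in (('v2-style', V2_STYLE), ('v3-style', V3_STYLE)):
        print(label, misplaced_filters(config))
```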

