rlm_ldap fails but ldapsearch works

Alan DeKok aland at deployingradius.com
Sun Aug 2 17:09:31 CEST 2020


On Aug 2, 2020, at 10:47 AM, Victor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Well, from the wireshark LDAP protocol decode:

  Which doesn't really help.

> -the answer to rlm_ldap:
...
> -the answer to ldapsearch:

  Yes, you already said that in your first message.  Repeating it doesn't help.

> rlm_ldap clearly doesn't get the same answer, almost to the same request (timeLimit differs):

  Then blame the LDAP server.  If the same query gives two different answers, then it's broken.  Or, there's something happening behind the scenes, e.g. it's applying additional filters based on something else such as source IP.

  Are you doing the ldapsearch from the same machine which is running FreeRADIUS?

  But... in the end the issue is simple.  The query used by FreeRADIUS is correct, but the answer returned by the LDAP server is wrong.  You have to figure out what's wrong with the LDAP server, and why.

  Alan DeKok.



