<P>Hi,</P>
<P>you can see the debug. there are 7 searches for an uid that doesn't exist in the ldap directory:<BR><BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for X06dfdgdg<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting LDAP reconnection<BR>rlm_ldap: (re)connect to <A href="ldaps://ldap-homo.sesme.group.scen/"><U><FONT color=#0000ff>ldaps://ldap-homo.sesme.group.scen</U></FONT></A>, authentication 0<BR>rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cat-caconcerto-sogepa ss.pem<BR>rlm_ldap: setting TLS Require Cert to demand<BR>rlm_ldap: bind as sgzoneid=guards,ou=eloit,ou=personnes,o=sg/ghkhkk to ldaps: //ldap-homo.sesame.group.socgen<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>modcall[authorize]: module "ldap" returns notfound for request 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>users: Matched DEFAULT at 116<BR>modcall[authorize]: module "files" returns ok for request 0<BR>modcall: group group returns ok for request 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR>radius_xlat: 'ou=PERSONNES,o=sg'<BR>radius_xlat: '(uid=X06dfdgdg)'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>users: Matched DEFAULT at 116<BR>modcall[authorize]: module "files" returns ok for request 0<BR>modcall: group authorize returns ok for request 0<BR>rad_check_password: Found Auth-Type Reject<BR>rad_check_password: Auth-Type = Reject, rejecting user<BR>auth: Failed to validate the user.<BR>Login incorrect (rlm_ldap: User not found): [X06dfdgdg] (from client sdfsfds por t 1 cli 192.18.136.19)<BR>Delaying request 0 for 1 seconds<BR>Finished request 0<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 1 seconds...<BR>--- Walking the entire request list ---<BR>Waking up in 1 seconds...<BR>--- Walking the entire request list ---<BR>Sending Access-Reject of id 165 to 192.18.136.44:1812<BR>Reply-Message = "forbidden."<BR>Waking up in 4 seconds...<BR></P>
<DIR>
<P>> Message du 06/03/07 à 11h58<BR>> De : "Michael Mitchell" <BR>> A : "FreeRadius users mailing list" <BR>> Copie à : <BR>> Objet : Re: freeradius ldap connector<BR>> <BR>> jerrrry@voila.fr wrote:<BR>> > I notice that Freeradius tries 6 times to find a user in my LDAP <BR>> > directory when this user doesn't existe.<BR>> > <BR>> <BR>> err, really? During authorisation (where a search is performed by a priviledged user) or during authentication (where an attempt may be made to bind to LDAP as the customer)?<BR>> <BR>> What does the debug say? (run radiusd with the -X flag).<BR>> <BR>> <BR>> > Is there a mean to make freeradius tries only one time ?<BR>> <BR>> It only tries once for me, but I only do LDAP "authorisation".<BR>> <BR>> regards,<BR>> Mike<BR>> - <BR>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR>> <BR>> </P><FONT face=Arial size=2></DIR></FONT>