<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:verdana,helvetica,sans-serif;font-size:12pt">Hello. <br>I am using Freeradius 2 with openldap 2.3.43 on my CentOS 5.<br><br>My OPenldap works grate without freeradius, and freeradius works without ldap.<br><br>But i cant connect ldap and freeradius.<br><br>my ldapsearch output:<br><br>ldapsearch -x<br># extended LDIF<br>#<br># LDAPv3<br># base <dc=my-domain,dc=com> (default) with scope subtree<br># filter: (objectclass=*)<br># requesting: ALL<br>#<br><br># my-domain.com<br>dn: dc=my-domain,dc=com<br>objectClass: organization<br>objectClass: dcObject<br>dc: my-domain<br>o: my-domain<br><br># People, my-domain.com<br>dn: ou=People,dc=my-domain,dc=com<br>objectClass: organizationalUnit<br>ou: People<br><br># group, my-domain.com<br>dn: ou=group,dc=my-domain,dc=com<br>objectClass: organizationalUnit<br>ou: group<br><br># machines,
my-domain.com<br>dn: ou=machines,dc=my-domain,dc=com<br>objectClass: organizationalUnit<br>ou: machines<br><br># office, group, my-domain.com<br>dn: cn=office,ou=group,dc=my-domain,dc=com<br>objectClass: posixGroup<br>description: office group<br>gidNumber: 10000<br>cn: office<br><br># gchkhetiani, People, my-domain.com<br>dn: uid=gchkhetiani,ou=People,dc=my-domain,dc=com<br>objectClass: posixAccount<br>objectClass: inetOrgPerson<br>objectClass: organizationalPerson<br>objectClass: person<br>homeDirectory: /home/gchkhetiani<br>loginShell: /bin/bash<br>uid: gchkhetiani<br>cn:: 4YOS4YOY4YOd4YOg4YOS4YOYIOGDqeGDruGDlOGDouGDmOGDkOGDnOGDmA==<br>uidNumber: 10000<br>gidNumber: 10000<br>sn:: 4YOp4YOu4YOU4YOi4YOY4YOQ4YOc4YOY<br>givenName:: 4YOS4YOY4YOd4YOg4YOS4YOY<br><br># search result<br>search: 2<br>result: 0 Success<br><br># numResponses: 7<br># numEntries: 6<br><br><br><br><br><br><br><br>my /etc/raddb/modules/ldap:<br><br>ldap
{<br> #<br> # Note that this needs to match the name in the LDAP<br> # server certificate, if you're using ldaps.<br> server = "server2.******.ge"<br> identity = "cn=Manager,dc=my-domain,dc=com"<br> password = ******<br> basedn = "dn=my-domain,dn=com"<br> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"<br><br><br><br>radtest command:<br>radtest gchkhetiani **** localhost 2 testing123<br><br><br>radiusd -X output:<br><br>[ldap] performing user authorization for gchkhetiani<br>[ldap] expand: %{Stripped-User-Name} -> <br>[ldap] expand: %{User-Name} ->
gchkhetiani<br>[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=gchkhetiani)<br>[ldap] expand: dn=my-domain,dn=com -> dn=my-domain,dn=com<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to server2.******.ge:389, authentication 0<br>rlm_ldap: bind as cn=Manager,dc=my-domain,dc=com/****** to server2.******.ge:389<br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful<br>rlm_ldap: performing search in dn=my-domain,dn=com, with filter (uid=gchkhetiani)<br>rlm_ldap: ldap_search() failed: Invalid DN syntax<br>[ldap] search failed<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>++[ldap] returns fail<br>Invalid user: [gchkhetiani/svani] (from client localhost port 2)<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject]
expand: %{User-Name} -> gchkhetiani<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 218 to 127.0.0.1 port 35291<br><br><br>There is rlm_ldap: ldap_search() failed: Invalid DN syntax error. How can I fix it?<br></div></body></html>