<div dir="ltr"><div><div><div>G'day list<br><br></div>I've come across an issue with the ldap module parameter base_filter, and I'm not yet sure whether<br></div>I'm hitting a bug (I guess: less likely) than I'm missing / missunderstanding its correct use.<br>
<br>I'm running a Debian Squeeze derivative (Univention Corporate Server), FR 2.1.10 and OpenLDAP.<br></div><div><div>On squeeze base_filter come preconfigured as disabled (#base_filter = "(objectclass=radiusprofile)"<br>
<br></div><div>Now my idea was to set base_filter = "(sambaAcctFlags=[U ])" to only let user objects (that are not disabled) get authorized. This field is present on user object so it would be great to have it used somehow.<br>
<br></div><div>The curious thing was that radtest I always get Access-Accept even when a user has a the disabled flag (sambaAcctFlags=[UD ]).<br></div><div><br>This led me to check whether I can just set base_filter="(notExisting=thisDoesntExist)"<br>
</div><div>And the result also was: Access-Accept, so I guess base_filter isn't read as I'd have expected it at first sigh :-\<br><br></div><div>When I launch freeradius in debug mode I can see a message base_filter = "(sambaAcctFlags=[U ])" passing on the screen so I guess the value at least is getting read.<br>
<br></div><div>Can you give me a clever hint where/what to look for?<br><br></div><div>Best regards<br>Mathieu<br></div><div><br></div></div></div>