RE: Expanding run-time variables and checking access_attr for allow
If I put, ONLY FOR CHECK, the base_filter = "(uniquemember=cn=nicolas.velazquez@uam.es,cn=users,dc=uam,dc=es)" the LDAP replies with No Such Object. But the radius authorization sends ok. The misconfiguration of LDAP is not the question here. The question here is: documentation says if the parameter not exists the authorization doesn't work.
It exists so it does work:
Is FR using the matchedDN parameter? I used "cn" as access_atr. It could be an explanation an then I must build a better access_atr.
I don't know anything about ldap. Debug shows that freeradius found access attribute for that uid. I have no idea how, but it did.
And the initial question about the expand of runtime-variables? The UNexpand of the base_filter is the normal way of operation?
Yes, base_filter doesn't expand. I don't think that base_dn expands either. uid is the only one that's dynamic there. Ivan Kalik
participants (1)
-
tnt@kalik.net