LDAP Search failed due to ldap filter mismatch -> then information "no known good password found for the user"

Matthew Newton mcn at freeradius.org
Mon Oct 1 11:23:26 CEST 2018


On Mon, 2018-10-01 at 09:00 +0000, Thorsten Fritsch wrote:
> It's logical that there is no good password if no user is found - but
> in my eyes it's a kind of misleading information which could easily
> lead to the wrong conclusion there must be a problem with the
> password. I recommend to leave this out if the LDAP search is failing
> altogether:

The LDAP message comes from the LDAP module.

The "no known good password" message comes from the PAP module.

Neither module knows anything about any of the modules that come before
or after it, and the PAP module could have been supplied a password
from many other modules.

So for example you run rlm_ldap, then rlm_sql, then rlm_files to try
and find a password, then rlm_pap to check the password. rlm_pap can
use a password that any of the previous modules found. If there isn't a
password, there's not much it can do apart from say "I can't find a
password".

-- 
Matthew
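
The module independence described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: a simplified Python model in which each module sees only the request and a shared control list. The users, passwords, log wording and helper names (`lookup_module`, `run_chain`) are constructed assumptions.

```python
import hmac

# Simplified model of a module chain (illustrative, not FreeRADIUS source).
# Directory contents, users and passwords are constructed sample data.
LDAP_DIR = {"alice": "ldap-secret"}
SQL_DB = {"bob": "sql-secret"}
USERS_FILE = {}

def lookup_module(name, store):
    """Build a module that adds a known-good password if it finds the user."""
    def module(request, control, log):
        password = store.get(request["User-Name"])
        if password is None:
            log.append(f"{name}: user not found")
            return "notfound"
        control.setdefault("Cleartext-Password", password)
        return "ok"
    module.__name__ = name
    return module

def pap(request, control, log):
    """Sees only the request and control list, not which modules ran before."""
    known_good = control.get("Cleartext-Password")
    if known_good is None:
        log.append("pap: no known good password found for the user")
        return "noop"
    same = hmac.compare_digest(request["User-Password"], known_good)
    return "ok" if same else "reject"

CHAIN = [lookup_module("ldap", LDAP_DIR), lookup_module("sql", SQL_DB),
         lookup_module("files", USERS_FILE), pap]

def run_chain(user, password):
    """Run the modules in order; return (per-module return codes, log)."""
    request = {"User-Name": user, "User-Password": password}
    control, log = {}, []
    trail = [(m.__name__, m(request, control, log)) for m in CHAIN]
    return trail, log

if __name__ == "__main__":
    for user, pw in [("alice", "ldap-secret"), ("bob", "sql-secret"),
                     ("carol", "anything")]:
        trail, log = run_chain(user, pw)
        print(user, trail, log)
```

For `bob` the LDAP lookup misses but the password check still succeeds, which is why the last module cannot treat an earlier miss as the cause; for `carol` the cause is visible only in the earlier modules' entries, not in the final message.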


