rlm_ldap: ldap_search() failed: Bad search filter:
Norbert Wegener
nw at sbs.de
Wed Dec 7 21:30:08 CET 2005
I am still trying to let freeradius query AD, but am not yet too successful.
Using the following vars with ldapsearch, gives me the desired result,
as shown below, but fails with rlm_ldap.
##########################################
server="mchm967a.tww006.sitest.net "
port=3268
identity="testrad at TDE002.SITEST.NET "
mypass="mypass"
basedn="dc=TDE002,dc=SITEST,dc=NET"
filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"
#########################################
ldapsearch -x -h $server -p $port -b $basedn $filter -D $identity -w
$mypass -x
# extended LDIF
#
# LDAPv3
# base <dc=TDE002,dc=SITEST,dc=NET> with scope sub
# filter: (&(sAMAccountName=28TEF003$)(objectclass=computer))
# requesting: sAMAccountName userAccountControl
#
# 28TEF003, CAT-Computers, OU16, MchP, tde002.sitest.net
dn: CN=28TEF003,OU=CAT-Computers,OU=OU16,OU=MchP,DC=tde002,DC=sitest,DC=net
userAccountControl: 4096
sAMAccountName: 28TEF003$
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
##################################################
So far, so good.
When I take the same vars in radiusd.conf, I get:
rlm_ldap: ldap_search() failed: Bad search filter
radiusd.conf:
ldap ldap1 {
server="mchm967a.tww006.sitest.net "
port=3268
identity="testrad at TDE002.SITEST.NET "
mypass="mypass"
basedn="dc=TDE002,dc=SITEST,dc=NET"
filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"
ldap_debug= 0xFFFF
ldap_connections_number = 5
timeout = 40
timelimit = 30
net_timeout = 10
tls {
}
dictionary_mapping = ${raddbdir}/ldap.attrmap
}
rlm_ldap: Bind was successful^M
rlm_ldap: performing search in dc=TDE002,dc=SITEST,dc=NET, with filter
(&(sAMAccountName=28TEF003$)(objectclass=computer)) sAMAccountName
userAccountControl^M
ldap_search^M
put_filter: "(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"^M
put_filter: AND^M
put_filter_list "(sAMAccountName=28TEF003$)(objectclass=computer)"^M
put_filter: "(sAMAccountName=28TEF003$)"^M
put_filter: simple^M
put_simple_filter: "sAMAccountName=28TEF003$"^M
put_filter: "(objectclass=computer)"^M
put_filter: simple^M
put_simple_filter: "objectclass=computer"^M
put_filter: default^M
put_simple_filter: "sAMAccountName userAccountControl"^M
rlm_ldap: ldap_search() failed: Bad search filter:
(&(sAMAccountName=28TEF003$)(objectclass=computer)) sAMAccountName
userAccountControl^M
ldap_msgfree^M
rlm_ldap: search failed^M
What am I doing wrong?
Thanks
Norbert Wegener
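
Added example, not part of the original post and not FreeRADIUS code: the ldapsearch output above reports the filter and the two requested attributes separately, because the shell splits the unquoted $filter into words, while the rlm_ldap debug shows the whole string reaching put_filter. The sketch below reproduces both views for the posted value and flags text that follows the balanced filter; the helper names are hypothetical.

```python
# Added example: helper names are hypothetical, not FreeRADIUS code.

# Constructed from the filter value shown in the post (note the line break).
POSTED = ("(&(sAMAccountName=28TEF003$)(objectclass=computer))\n"
          "sAMAccountName userAccountControl")


def shell_words(value):
    """Approximate the shell's field splitting of an unquoted $filter."""
    return value.split()


def split_filter(value):
    """Return (filter, trailing): the first balanced RFC 4515 filter in
    value and whatever text follows its closing parenthesis."""
    s = value.strip()
    if not s.startswith("("):
        raise ValueError("filter must start with '('")
    depth, i = 0, 0
    while i < len(s):
        c = s[i]
        if c == "\\":          # escaped byte: backslash plus two hex digits
            i += 3
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return s[:i + 1], s[i + 1:].strip()
        i += 1
    raise ValueError("unbalanced parentheses in filter")


def check(value):
    """Report whether value is a filter only, or filter plus extra text."""
    flt, trailing = split_filter(value)
    return {"filter": flt, "trailing": trailing.split(),
            "filter_only": not trailing}


if __name__ == "__main__":
    print("argv seen by ldapsearch:", shell_words(POSTED))
    print("single string check:   ", check(POSTED))
```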