Searching Subcontexts in eDir

jp at jp at
Tue Jul 19 20:10:08 CEST 2005

I am running FreeRADIUS 1.0.4 on FreeBSD 4.11 to authenticate/authorize users via
LDAP on a NetWare 6.5 server/tree.

I can successfully authenticate and authorize users if they reside in the root
context (o=<rootcontext>), but authorize fails if the user is in an ou in the
root context.  The "identity" user in the ldap modules section is an admin

Also, if I change the basedn to the subcontext
(ou=<subcontext>,o=<rootcontext>), it still fails.

Relevant info from radtest:

radtest gwaccesspo1 <password> localhost 10 testing123

The gwaccesspo1 user's context is as follows:

Relevant info from radiusd.conf:

server = ""
identity = "cn=raduser,o=services"
password = "<password>"
basedn = "o=services"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
-----snip----- is an admin equivalent.

Relevant info from debug:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for gwaccesspo1
radius_xlat:  '(uid=gwaccesspo1)'
radius_xlat:  'o=services'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to, authentication 0
rlm_ldap: bind as cn=raduser,o=services/<password> to
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=services, with filter (uid=gwaccesspo1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed

The "gwaccesspo1" user above resides in ou=gw,o=services.  As mentioned above,
even if I set the basedn to ou=gw,o=services, I still get the "object not found"

Thanks in advance for any suggestions.

