Searching Subcontexts in eDir
jp at joshmp.com
Tue Jul 19 20:10:08 CEST 2005
I am running FreeRADIUS 1.0.4 on FreeBSD 4.11 to authenticate/authorize users via
LDAP on a NetWare 6.5 server/tree.
I can successfully authenticate and authorize users if they reside in the root
context (o=<rootcontext>), but authorize fails if the user is in an ou in the
root context. The "identity" user in the ldap modules section is an admin
equivalent.
Also, if I change the basedn to the subcontext
(ou=<subcontext>,o=<rootcontext>), it still fails.
Relevant info from radtest:
-----snip-----
radtest gwaccesspo1 <password> localhost 10 testing123
-----snip-----
The gwaccesspo1 user's context is as follows:
cn=gwacesspo1,ou=gw,o=services
Relevant info from radiusd.conf:
-----snip-----
server = "10.254.8.25"
identity = "cn=raduser,o=services"
password = "<password>"
basedn = "o=services"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
-----snip-----
raduser.services is an admin equivalent.
Relevant info from debug:
-----snip-----
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gwaccesspo1
radius_xlat: '(uid=gwaccesspo1)'
radius_xlat: 'o=services'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.254.8.25:389, authentication 0
rlm_ldap: bind as cn=raduser,o=services/<password> to 10.254.8.25:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=services, with filter (uid=gwaccesspo1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
-----snip-----
The "gwaccesspo1" user above resides in ou=gw,o=services. As mentioned above,
even if I set the basedn to ou=gw,o=services, I still get the "object not found"
error.
Thanks in advance for any suggestions.
Josh