LDAP basedn context
Matt McFarlane
Matt.McFarlane at wheaton.edu
Tue Jun 14 18:14:10 CEST 2005
Correct, it is unable to find the user. When set at a higher context I receive the following error:

rlm_ldap: performing search in o=wheaton, with filter (cn=testacct)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed

My ldap config is as follows. If I change the basedn to where the user is located (ou=cs,ou=srvc,o=wheaton) then it works.

ldap test-ldap {
        server = "ldapserver.wheaton.edu"
        identity = "cn=admin,o=wheaton"
        password = password
        basedn = "o=wheaton"
        filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = yes
        tls_cacertfile = /etc/raddb/certs/wheatonCA/wheatonca.b64
        tls_require_cert = "demand"
        access_attr = "cn"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = nspmPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
matt...
>> Is it possible to specify the basedn above where the users are actually
>> located and have freeradius find the user in a subcontext? For instance
>> if my ldap is set up as ou=users1,ou=loc1,o=org and
>> ou=users2,ou=loc2,ou=o=org can I specify basedn="o=org" and find users
>> in both users1 and users2?
>>
>> Thanks.
>
>I think so, is it not working for you?