ldap groups

alan walters alan at aillweecave.ie
Tue Jun 28 16:18:39 CEST 2005 

Below is a snip from my radius group search. And below this is the group portion of my radiusd.conf can someone let me know where I am going wrong???
I would like to know how to stop it doing the second search on my ldap for the objectclass = *
 
I don't mind the first one because it has to search ith the filter I asked it to search with but the object class filter search was not asked to be done.
Attaché is the snip from my radiusd.conf as well 
 
 
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=lisdoonvarna)(mail=alan at radiowave.net))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in mail=alan at radiowave.net,vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
rlm_ldap::groupcmp: Group lisdoonvarna not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'o=clients,dc=radiowave,dc=net'
radius_xlat:  '(mail=alan at radiowave.net)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=ballyvaughan)(mail=alan at radiowave.net))
rlm_ldap::ldap_groupcmp: User found in group ballyvaughan
rlm_ldap: ldap_release_conn: Release Id: 0
 
 
       ldap   ldap2 {
              server = "10.250.3.204"
              identity = "cn=xxx,dc=radiowave,dc=net"
              password = xxxxxxxxxxxx
              basedn = "o=clients,dc=radiowave,dc=net"
              filter = "(mail=%{User-Name})"
              start_tls = no
              access_attr = "dialupAccess"
              dictionary_mapping = ${raddbdir}/ldap.attrmap
              ldap_connections_number = 5
              #password_header = "{crypt}"
              password_attribute = userPassword
              groupname_attribute = radiusGroupName
              groupmembership_attribute = radiusGroupName
              groupmembership_filter = "(mail=%{User-Name})"
              timeout = 4
              timelimit = 3
              net_timeout = 1
              # compare_check_items = yes
              # access_attr_used_for_allow = yes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050628/276c5805/attachment.html>

More information about the Freeradius-Users mailing list