Receivin a full DN in a radius request
Jean-Francois Gobin
gobin at gobinjf.be
Wed Sep 14 11:03:32 CEST 2005
Here is my whole ldap definition :
ldap {
server = "ldap.xxxx.xxx"
# identity = "cn=admin,o=My Org,c=UA"
# password = mypass
basedn = " "
filter = "(%{User-Name})"
# base_filter = "(objectclass=radiusprofile)"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with
normal
# ldap connections instead of using ldaps (port 689)
connections
start_tls = no
# tls_cacertfile = /path/to/cacert.pem
# tls_cacertdir = /path/to/ca/dir/
# tls_certfile = /path/to/radius.crt
# tls_keyfile = /path/to/radius.key
# tls_randfile = /path/to/rnd
# tls_require_cert = "demand"
# default_profile = "cn=radprofile,ou=dialup,o=My
Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
#
# NOTICE: The password_header directive is NOT case
insensitive
#
# password_header = "{clear}"
#
# Set:
# password_attribute = nspmPassword
#
# to get the user's password from a Novell eDirectory
# backend. This will work *only if* freeRADIUS is
# configured to build with --with-edir option.
#
#
# The server can usually figure this out on its own, and
pull
# the correct User-Password or NT-Password from the
database.
#
# Note that NT-Passwords MUST be stored as a 32-digit hex
# string, and MUST start off with "0x", such as:
#
# 0x000102030405060708090a0b0c0d0e0f
#
# Without the leading "0x", NT-Passwords will not work.
# This goes for NT-Passwords stored in SQL, too.
#
# password_attribute = userPassword
#
# Un-comment the following to disable Novell eDirectory
account
# policy check and intruder detection. This will work
*only if*
# FreeRADIUS is configured to build with --with-edir
option.
#
# edir_account_policy_check=no
#
# groupname_attribute = cn
# groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqu
eNames)(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# do_xlat = yes
# access_attr_used_for_allow = yes
}
On Tue, 13 Sep 2005, Nicolas Baradakis wrote:
> Jean-Francois Gobin wrote:
>
>> rlm_ldap: - authorize
>> rlm_ldap: performing user authorization for uid=P06227,ou=people,o=nrb,c=be
>> radius_xlat: '(uid)'
>> radius_xlat: ' '
>> rlm_ldap: ldap_get_conn: Checking Id: 0
>> rlm_ldap: ldap_get_conn: Got Id: 0
>> rlm_ldap: performing search in , with filter (uid)
>> rlm_ldap: ldap_search() failed: Bad search filter: (uid)
>
> What is your filter in section ldap of radiusd.conf ?
>
> --
> Nicolas Baradakis
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
----------
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be mailto:gobin at gobinjf.be
More information about the Freeradius-Users
mailing list