AD ldap bind works with 1.01, fails with 1.04
Alan DeKok
aland at ox.org
Tue Jan 24 18:16:24 CET 2006
Stephen Walsh <S.Walsh at signadou.acu.edu.au> wrote:
> ldap_search() failed: Operations error

It's a combination of factors. What's happening is that your LDAP
search isn't fully qualified, so when something isn't found in
"students", AD returns a referral to "staff". OpenLDAP fails to use
the authentication credentials for the referral that it was given for
the original query.

And lo, "operations error", which is such a useful message.

It's a cross-domain referral problem. You have a "staff" domain,
and a "student" domain, each of which trusts the other in AD.

The solution is to fully qualify all of the queries so that AD
doesn't return a referral. Adding "ou=people" (or something
like that) will usually do the trick.

Alan DeKok.
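
An added example, not part of the original message or of FreeRADIUS: a small Python check that reads the `basedn` values from `ldap { }` sections and flags any that name only a domain root, which is the unqualified kind of search base the message describes. Treating "all components are `dc=`" as "not fully qualified" is an assumption, and the sample configuration, the `dc=example,dc=edu` names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of a FreeRADIUS ldap section; DNs are placeholders.
SAMPLE_CONF = r'''
ldap students {
    basedn = "dc=students,dc=example,dc=edu"
    filter = "(sAMAccountName=%{User-Name})"
}
ldap students_fixed {
    basedn = "ou=people,dc=students,dc=example,dc=edu"   # fully qualified
    filter = "(sAMAccountName=%{User-Name})"
}
'''

BASEDN_RE = re.compile(r'^\s*basedn\s*=\s*"([^"]*)"', re.MULTILINE)

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def is_domain_root(dn):
    """True when every RDN is a dc= component, i.e. no ou=/cn= container."""
    rdns = split_dn(dn)
    return bool(rdns) and all(r.split("=", 1)[0].strip().lower() == "dc" for r in rdns)

def audit_basedns(conf_text):
    """Return (basedn, needs_qualifying) for each basedn line in the config."""
    return [(dn, is_domain_root(dn)) for dn in BASEDN_RE.findall(conf_text)]

if __name__ == "__main__":
    for dn, flagged in audit_basedns(SAMPLE_CONF):
        print(("UNQUALIFIED " if flagged else "ok          ") + dn)
```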