freeradius ldap connector

jerrrry at voila.fr jerrrry at voila.fr
Fri Mar 9 09:30:53 CET 2007


Hi,
You can see the debug. There are 7 searches for a uid that doesn't exist in the LDAP directory:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for X06dfdgdg
radius_xlat: '(uid=X06dfdgdg)'
radius_xlat: 'ou=PERSONNES,o=sg'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldaps://ldap-homo.sesme.group.scen, authentication 0
rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cat-caconcerto-sogepa ss.pem
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: bind as sgzoneid=guards,ou=eloit,ou=personnes,o=sg/ghkhkk to ldaps: //ldap-homo.sesame.group.socgen
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group group returns ok for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [X06dfdgdg] (from client sdfsfds por t 1 cli 192.18.136.19)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 165 to 192.18.136.44:1812
Reply-Message = "forbidden."
Waking up in 4 seconds...

> Message of 06/03/07 at 11:58
> From: "Michael Mitchell"
> To: "FreeRadius users mailing list"
> Cc:
> Subject: Re: freeradius ldap connector
> 
> jerrrry at voila.fr wrote:
> > I notice that Freeradius tries 6 times to find a user in my LDAP
> > directory when this user doesn't exist.
> > 
> 
> err, really? During authorisation (where a search is performed by a privileged user) or during authentication (where an attempt may be made to bind to LDAP as the customer)?
> 
> What does the debug say? (run radiusd with the -X flag).
> 
> 
> > Is there a means to make freeradius try only one time?
> 
> It only tries once for me, but I only do LDAP "authorisation".
> 
> regards,
> Mike
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
>
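
Added example, not part of the original thread and not FreeRADIUS code: a small parser that tallies the "performing search" lines in radiusd -X output like the debug above, grouped by the code path that issued them (the authorize pass or an ldap_groupcmp() call) and closed on each "Finished request" line. The function names, the sample uid and the base DN are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the radiusd -X lines shown in the post.
SAMPLE = """\
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
rlm_ldap: performing search in ou=people,o=example, with filter (uid=testuser)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
modcall[authorize]: module "ldap" returns notfound for request 0
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: performing search in ou=people,o=example, with filter (uid=testuser)
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: performing search in ou=people,o=example, with filter (uid=testuser)
rlm_ldap::ldap_groupcmp: search failed
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
Finished request 0
"""

SEARCH = re.compile(r"^rlm_ldap: performing search in (?P<base>.+), with filter (?P<filter>\(.*\))\s*$")
FINISHED = re.compile(r"^Finished request (\d+)")

def tally_searches(debug_text):
    """Return {request_id: Counter({(code_path, filter): count})}."""
    results, current, path = {}, Counter(), None
    for line in debug_text.splitlines():
        line = line.strip()
        if line == "rlm_ldap: - authorize":
            path = "authorize"
        elif line == "rlm_ldap: Entering ldap_groupcmp()":
            path = "ldap_groupcmp"
        elif (m := SEARCH.match(line)):
            # Attribute the search to the most recent marker, then reset it.
            current[(path or "unknown", m["filter"])] += 1
            path = None
        elif (m := FINISHED.match(line)):
            results[int(m[1])] = current
            current, path = Counter(), None
    return results

def repeated_lookups(results, threshold=2):
    """List (request, path, filter, count) where the same search ran >= threshold times."""
    return [(rid, p, f, n) for rid, c in results.items()
            for (p, f), n in c.items() if n >= threshold]

if __name__ == "__main__":
    for rid, path, flt, n in repeated_lookups(tally_searches(SAMPLE)):
        print(f"request {rid}: {n} searches via {path} for {flt}")
```
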