LDAP Authentication: filter problem
Carlos Parada
carlos-f-parada at ptinovacao.pt
Fri Nov 30 19:48:33 CET 2007
Hi all,
I'm using an LDAP-based authentication.
I'd have a simple (typical filter) like this
filter = uid=%{User-Name}
Now, in addition, I'd need to authenticate based on a
Service-Info attribute. So I need something like
filter = "(&(uid=%{User-Name})(radiusServiceInfo=%{Service-Info}))
The problem is that when Service-Info doesn't come in the Radius
packet (because is not mandatory for me), it doesn't work, and I
see on LDAP the following
filter="(&(uid=test1)(?=undefined))"
If Service-Info not present, I would expect something like
filter="(&(uid=test1)(radiusSeviceInfo=))"
Worse, in fact, what I need is a filter slightly different like
filter = "(&(uid=%{User-Name})(!(radiusServiceInfo=%{Service-Info})))
In that case (using the !), the query sent is the following
filter="(&(uid=test1)(?=error))"
I've already search about that on the freeradius mailing-lists
and I didn't saw any report about this problem.
Is that any kind of bug? Or am I doing something wrong?
I appreciate some help.
Best Regards,
Carlos Parada
More information about the Freeradius-Users
mailing list