LDAP Authentication: filter problem

Carlos Parada carlos-f-parada at ptinovacao.pt
Fri Nov 30 19:48:33 CET 2007


Hi all,

I'm using an LDAP-based authentication.
I'd have a simple (typical filter) like this

filter = uid=%{User-Name}

Now, in addition, I'd need to authenticate based on a
Service-Info attribute. So I need something like

filter = "(&(uid=%{User-Name})(radiusServiceInfo=%{Service-Info}))

The problem is that when Service-Info doesn't come in the Radius 
packet (because is not mandatory for me), it doesn't work, and I
see on LDAP the following

filter="(&(uid=test1)(?=undefined))"

If Service-Info not present, I would expect something like

filter="(&(uid=test1)(radiusSeviceInfo=))"

Worse, in fact, what I need is a filter slightly different like

filter = "(&(uid=%{User-Name})(!(radiusServiceInfo=%{Service-Info})))

In that case (using the !), the query sent is the following

filter="(&(uid=test1)(?=error))"


I've already search about that on the freeradius mailing-lists
and I didn't saw any report about this problem.

Is that any kind of bug? Or am I doing something wrong?
I appreciate some help.


Best Regards,
Carlos Parada





More information about the Freeradius-Users mailing list