LDAP group-checking - missing user-dn in filter

Jason Long jlong at messiah.edu
Mon Aug 18 18:07:13 CEST 2008


>>>> Alan DeKok <aland at deployingradius.com> 8/18/08 12:02 PM >>>
>Jason Long wrote:
>>         expand: (&(objectClass=groupOfNames)(member=%{Ldap-UserDn})) ->
>> (&(objectClass=groupOfNames)(member=))
>> 
>> The search filter should contain something like
>> (member=cn=georget,ou=student,o=mc), but instead it has (member=).
>> 
>> Is %{Ldap-UserDn} not correct? I got it right out of the sample
>> configuration...
>
>  In 2.0.5, it's been moved to %{control:LDAP-UserDn}.  This should be
>better documented...



That did it. It's now working for me.

Thanks so much!

(I'll follow-up with a patch for the documentation.)

Jason



More information about the Freeradius-Users mailing list