LDAP group-checking - missing user-dn in filter

Jason Long jlong at messiah.edu
Mon Aug 18 18:07:13 CEST 2008

>>>> Alan DeKok <aland at deployingradius.com> 8/18/08 12:02 PM >>>
>Jason Long wrote:
>>         expand: (&(objectClass=groupOfNames)(member=%{Ldap-UserDn})) ->
>> (&(objectClass=groupOfNames)(member=))
>> The search filter should contain something like
>> (member=cn=georget,ou=student,o=mc), but instead it has (member=).
>> Is %{Ldap-UserDn} not correct? I got it right out of the sample
>> configuration...
>  In 2.0.5, it's been moved to %{control:LDAP-UserDn}.  This should be
>better documented...

That did it. It's now working for me.

Thanks so much!

(I'll follow-up with a patch for the documentation.)


More information about the Freeradius-Users mailing list