LDAP group-checking - missing user-dn in filter
Jason Long
jlong at messiah.edu
Mon Aug 18 18:07:13 CEST 2008
>>>> Alan DeKok <aland at deployingradius.com> 8/18/08 12:02 PM >>>
>Jason Long wrote:
>> expand: (&(objectClass=groupOfNames)(member=%{Ldap-UserDn})) ->
>> (&(objectClass=groupOfNames)(member=))
>>
>> The search filter should contain something like
>> (member=cn=georget,ou=student,o=mc), but instead it has (member=).
>>
>> Is %{Ldap-UserDn} not correct? I got it right out of the sample
>> configuration...
>
> In 2.0.5, it's been moved to %{control:LDAP-UserDn}. This should be
>better documented...
That did it. It's now working for me.
Thanks so much!
(I'll follow-up with a patch for the documentation.)
Jason
More information about the Freeradius-Users
mailing list