LDAP Groups and EAP

John Dennis jdennis at redhat.com
Wed Jan 16 16:53:21 CET 2008


Alan DeKok wrote:
> Brian Wilson wrote:
>> I tried updating to version 2.0.  I like the debug interface much
>> better, it makes it a lot easier to read.  Nice job!
> 
>   Thanks.  It was a fair amount of work, but I think it's worth it.
> 
>> Unfortunately, this upgrade introduced a new issue for me.  When doing
>> group ldap searches, it looks like the Ldap-UserDN variable doesn't get
>> populated.  The server successfully binds and finds the user, but in the
>> expand section:
> 
>   Hmm... I don't think that code was changed at all in 2.0.  I don't use
> the LDAP module much, so I'm not sure what else to say...
> 
>   Where is the LDAP-UserDN being set from?

It is set by rlm_ldap by performing an LDAP search on the USER_NAME 
attribute. If the search succeeds, the ldap-userdn is set to the dn the 
user name was found under. This dn can then be used to efficiently point 
to the user data in the LDAP tree; think of it as a pointer (cursor) to 
be used in future LDAP queries in subsequent processing.
-- 
John Dennis <jdennis at redhat.com>


