simple Ldap-group search

cxu cxu at unbsj.ca
Thu Jan 24 16:02:10 CET 2008


Background:

When a user associates with the SSID Guest, the user will authenticate
against a FreeRadius server.  If he has a university account, the FreeRadius
server will authenticate him via LDAP.  If he does not have a university
account, the FreeRadius server will do the authentication with a guest
account database.

Goal:

To reduce the chance of doing the LDAP search, the LDAP-group search is
successful if the user is in LDAP, no matter which LDAP group he is in.

My shot and the problem:

I am trying to do a wildcard search in the LDAP-Group search, but it looks like
the wildcard does not work.

 

Related entries in the file users,

<omitted>

DEFAULT Called-Station-Id =~ ".*Guest", myldap-Ldap-Group == "*", Autz-Type := Ldap1, Auth-Type := Ldap1

DEFAULT Called-Station-Id =~ ".*Guest", Group == "guest", Autz-Type := Web, Auth-Type := System

<omitted>

 

 

Debug output,

<output omitted>

rlm_ldap: performing search in ou=people,dc=myuniv,dc=ca, with filter (&(cn=*)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))

<output omitted>

rlm_ldap::groupcmp: Group * not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
++[files] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [cxu] (from client localhost port 0)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0

 

Questions:

1.	Is there any way to make the wildcard LDAP-group search work?
2.	Could unlang be applied here, and how?
3.	Any advice?

 

Thanks!

 

Andrew
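
Added example, not part of the original post: a small Python parser for the search filter that rlm_ldap logged in the debug output above. It lists every leaf assertion and reports those whose value is empty, here member= and uniquemember=, the attributes that hold member DNs in GroupOfNames and GroupOfUniqueNames entries. The function names are illustrative, and only the simple attr=value form seen in the log is handled.

```python
# Added example (not from the original post): walk an LDAP search filter and
# report leaf assertions with empty values. No escapes or >=, <=, ~= matches.

# Filter copied from the rlm_ldap debug line, with the mail line-wrap removed.
LOGGED_FILTER = (
    "(&(cn=*)(|(&(objectClass=GroupOfNames)(member=))"
    "(&(objectClass=GroupOfUniqueNames)(uniquemember=))))"
)


def parse_filter(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, children = text[pos], []
        pos += 1
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if end == -1 or not sep or not attr:
        raise ValueError(f"malformed assertion at offset {pos}")
    return ("leaf", attr, value), end + 1


def leaves(node):
    """Yield (attribute, value) for every leaf assertion, left to right."""
    if node[0] == "leaf":
        yield node[1], node[2]
    else:
        for child in node[1]:
            yield from leaves(child)


def empty_assertions(text):
    """Return attributes whose assertion value is empty, e.g. '(member=)'."""
    node, end = parse_filter(text)
    if end != len(text):
        raise ValueError("trailing data after filter")
    return [attr for attr, value in leaves(node) if value == ""]


if __name__ == "__main__":
    for attr in empty_assertions(LOGGED_FILTER):
        print(f"empty value in assertion: ({attr}=)")
```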

 
