Ldap search and AD operations error

Alan DeKok aland at deployingradius.com
Sat Oct 10 09:01:19 CEST 2009


Leighton Man wrote:
> I have, in the ldap module configuration:
> 
>  chase_referrals = yes
>         rebind = yes

  That's good...

> I'm running version 2.1.6 on Solaris doing lookups against Active Directory.
> 
> I get, in the debug:
> 
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=mytestusername)
> rlm_ldap: ldap_search() failed: Operations error
> rlm_ldap::ldap_groupcmp: search failed

  That's bad.

> Has anyone got latest information on what causes this or how to fix it. I have a workaround but it's not ideal.
> I assume trying to get more helpful information out of Microsoft AD is pretty futile but has anyone any clues as to what "operations error" realy means? The workaround is to specify a container in the search but as the number of possible containers for a search increases things rapidly begin to get out of hand .....

  Microsoft says "it means error in operation".  Nice.

  How many AD servers do you have?  Is the FreeRADIUS server (i.e. admin
account) allowed to do the queries?[

  Alan DeKok.



More information about the Freeradius-Users mailing list