Ldap search and AD operations error

Leighton Man l.j.man at hud.ac.uk
Tue Oct 20 13:40:12 CEST 2009


> Subject: RE: Ldap search and AD operations error
>
> Leighton,
>
> Try using ldapsearch in verbose mode (and debug mode) to get
> more info from AD.
>
> ldapsearch -v -h <AD Server> -D "cn=<account to bind> dc=ad,
> dc=hud, dc=ac, dc=uk"  -w <password> -x -b "dc=ad, dc=hud,
> dc=ac, dc=uk"
> "(sAMAccountName=mytestusername)"
>
> From a Windows machine, you can also use tools from joeware.com, try adfind
> (http://www.joeware.net/freetools/tools/adfind/index.htm).
>
> Once you are able to successfully query AD from a Windows
> machine and/or ldapsearch, update your FR configuration and try again.
>
> Tim
>

Many thanks for the reply Tim and apologies for the long delay before trying this.

Ldapsearch from the command line as you suggest above works fine yet the debug from FR shows this:

rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=mytestusername)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0

The basedn and filter are identical on the command line and in the config. If I specify an AD container in the config, the search succeeds (providing it's the right container, of course).

Any more ideas - I'm really stuck on this one!

Leighton
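
A triage helper for debug output like the above, as an added example that is not part of the original message or of FreeRADIUS: it pairs each rlm_ldap search with its outcome and marks whether the base DN is the domain root (only dc= components), the case reported here as failing while a container base succeeds. The function names and the ou=Staff container are assumptions; the second sample run is constructed.

```python
import re

# Line formats taken from the rlm_ldap debug output quoted in the message.
SEARCH_RE = re.compile(
    r"rlm_ldap: performing search in (?P<base>.+), with filter (?P<filter>.+)$")
FAIL_RE = re.compile(r"rlm_ldap: ldap_search\(\) failed: (?P<reason>.+)$")


def is_domain_root(base_dn):
    """True when every RDN is a dc= component (naive split, no escaped commas)."""
    rdns = [r.strip().lower() for r in base_dn.split(",") if r.strip()]
    return bool(rdns) and all(r.startswith("dc=") for r in rdns)


def triage(lines):
    """Pair each search with its outcome; a failure line belongs to the latest search."""
    searches = []
    for raw in lines:
        line = raw.strip()
        m = SEARCH_RE.search(line)
        if m:
            searches.append({"base": m["base"], "filter": m["filter"],
                             "domain_root": is_domain_root(m["base"]),
                             "error": None})
            continue
        m = FAIL_RE.search(line)
        if m and searches and searches[-1]["error"] is None:
            searches[-1]["error"] = m["reason"]
    return searches


# First run: lines from the message. Second run: constructed, hypothetical container.
SAMPLE = """\
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=mytestusername)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Staff, dc=ad, dc=hud, dc=ac, dc=uk, with filter (sAMAccountName=mytestusername)
rlm_ldap: ldap_release_conn: Release Id: 0
""".splitlines()

if __name__ == "__main__":
    for s in triage(SAMPLE):
        scope = "domain root" if s["domain_root"] else "container"
        print(f"{scope:11}  {s['base']}  ->  {s['error'] or 'no search error logged'}")
```
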

