LDAP authentication problem

John Dennis jdennis at redhat.com
Thu Jul 29 19:35:54 CEST 2010


On 07/29/2010 01:08 PM, Sallee, Stephen (Jake) wrote:
> I have correctly configured the LDAP module (I think...)  but when I try
> to authenticate a user I get an error saying the user cannot be found.
> I have attached the debug output.  I have tried turning the "follow
> referrals" and "rebind" vars on and off but I get the same outcome. At
> first, I was getting a timeout error but I increased the timeouts and
> fixed that.
>
> I know the user is correct.  Here is the LDAP string for the user:
>
> LDAP://CN=dspam,OU=InformationTechnology,OU=UsersByDepartment,OU=Administrative,DC=umhb,DC=edu
>
> Any ideas?

Yes, it's the same one always posted on this list for this question.

Use the ldapsearch command line program and perform the exact same
search as appears in your debug output. It is critical that when you use
ldapsearch you bind *exactly* the same way the bind is configured in
rlm_ldap so the search executes with the same ACLs.

Keep iterating using ldapsearch until you get the expected results, then 
adjust your rlm_ldap config to match.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
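
The approach in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a shell helper that reads the `server`, `identity`, `basedn`, `filter` and `start_tls` settings from an rlm_ldap configuration and prints the matching ldapsearch command, so the test search binds as the module does. The config contents, host name and DNs are constructed placeholders; it assumes the module performs a simple bind with `identity` and `password` and that the filter references `%{User-Name}`.

```shell
#!/bin/sh
# Added example: derive the equivalent ldapsearch command from an rlm_ldap config.

# Print the value of one 'key = value' line, without surrounding double quotes.
ldap_setting() {   # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Escape filter metacharacters (RFC 4515) so the user name is matched literally.
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Single-quote a value for safe pasting into a shell.
q() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

build_ldapsearch() {   # $1 = config file, $2 = user name from the debug output
    server=$(ldap_setting "$1" server)
    identity=$(ldap_setting "$1" identity)
    basedn=$(ldap_setting "$1" basedn)
    filter=$(ldap_setting "$1" filter)
    tok='%{User-Name}'
    case $filter in   # substitute the first %{User-Name} with the escaped name
        *"$tok"*) filter=${filter%%"$tok"*}$(ldap_escape "$2")${filter#*"$tok"} ;;
    esac
    tls=''
    if [ "$(ldap_setting "$1" start_tls)" = yes ]; then tls=' -ZZ'; fi
    # -D binds as the module's identity; -W prompts for its password.
    printf 'ldapsearch -x%s -H %s -D %s -W -b %s %s\n' "$tls" \
        "$(q "ldap://$server")" "$(q "$identity")" "$(q "$basedn")" "$(q "$filter")"
}

# Constructed sample config (placeholder host and DNs, not from the thread).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
ldap {
    server = "ldap.example.org"
    identity = "cn=radius-bind,ou=service,dc=example,dc=org"
    password = "constructed-secret"
    basedn = "dc=example,dc=org"
    filter = "(sAMAccountName=%{User-Name})"
    tls {
        start_tls = yes
    }
}
EOF
build_ldapsearch "$sample_conf" dspam
```

The password is deliberately left off the printed command; enter the value of the module's `password` setting at the `-W` prompt so the search runs under the same bind identity.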