LDAP-group filter search is failing

joezamosc joezamosc at yahoo.com
Thu Apr 7 23:06:47 CEST 2011 

2.1.10

Here's a snippet of freeradius -X...

+- entering group post-auth {...}
  [ldap] Entering ldap_groupcmp()
[files]         expand: ou=Departments,dc=corp,dc=development,dc=com ->
ou=Departments,dc=corp,dc=development,dc=com
[files]         expand: (&(sAMAccountName=%{mschap:User-Name})) ->
(&(sAMAccountName=RobertTest1))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
with filter (&(sAMAccountName=RobertTest1))
  [ldap] ldap_release_conn: Release Id: 0
[files]         expand:
(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom)))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
with filter
(&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in
CN=RobertTest1,OU=WANN,OU=Departments,DC=corp,DC=development,DC=com, with
filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values() failed
  [ldap] ldap_release_conn: Release Id: 0
++[files] returns noop
Sending Access-Accept of id 100 to 192.168.100.2 port 1645
        User-Name = "DEVELOPMENT\\RobertTest1"
        MS-MPPE-Recv-Key =
0xa873077b6643bb983d8dbf04da66667699d7832fe38f78c5458b0318eaa27db6
        MS-MPPE-Send-Key =
0x866779d60ae2e9da0a928ebfb1f20e2f5e26dc05d050075dc8e65210e2946936
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.





This is in my postauth_users file...
DEFAULT Huntgroup-Name == Switches, Ldap-Group == "WANN"
        Service-Type = "Framed-User",
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = "dragons_cave"


The 10th line from the bottom of the snippet returns with the following...

rlm_ldap::ldap_groupcmp: ldap_get_values() failed

I'm waiting for a subsequent "[ldap] performing search in" my DN and to
match with filter (cn=WANN)
But it's not happening.

Any insight?





Thx.
Joe



--
View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-group-filter-search-is-failing-tp4289457p4289457.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list