LDAP-group filter search is failing
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 8 09:46:07 CEST 2011
On 04/07/2011 10:06 PM, joezamosc wrote:
> 2.1.10
>
> Here's a snippet of freeradius -X...
>
> +- entering group post-auth {...}
> [ldap] Entering ldap_groupcmp()
> [files] expand: ou=Departments,dc=corp,dc=development,dc=com ->
> ou=Departments,dc=corp,dc=development,dc=com
> [files] expand: (&(sAMAccountName=%{mschap:User-Name})) ->
> (&(sAMAccountName=RobertTest1))
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com,
> with filter (&(sAMAccountName=RobertTest1))
> [ldap] ldap_release_conn: Release Id: 0
> [files] expand:
> (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
> ->
You are using Active Directory, and this LDAP filter is invalid.
You want:
(&(objectClass=group)(member=%{control:Ldap-UserDn}))
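
An added illustration, not part of the original post and not FreeRADIUS code: a minimal RFC 4515 equality-filter evaluator run against a constructed Active Directory group entry (objectClass `top` and `group`). It shows that the filter expanded in the debug output matches nothing while the suggested filter matches. The user DN, the group entry and all function names are assumptions made for the example.

```python
import re

# The two filters as they appear in the thread.
DEBUG_FILTER = ("(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))"
                "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))")
AD_FILTER = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
# Constructed sample data: a user DN under the thread's base DN and an AD group entry.
USER_DN = "CN=RobertTest1,OU=Departments,DC=corp,DC=development,DC=com"
AD_GROUP = {"objectclass": ["top", "group"], "cn": ["Constructed-Group"],
            "member": [USER_DN]}

def escape_filter_value(value):
    """RFC 4515 escaping, so a DN containing ( ) * or \\ cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (node, index after it)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while i < len(f) and f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if i >= len(f) or f[i] != ")":
            raise ValueError("unbalanced filter at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)  # a literal ')' in a value is escaped as \29
    attr, _, raw = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry (case-insensitive equality only)."""
    if node[0] == "=":
        return any(v.lower() == node[2] for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not any(results)}[node[0]]

def group_matches(template, user_dn, entry):
    """Expand the Ldap-UserDn reference, then test the filter against the entry."""
    text = template.replace("%{control:Ldap-UserDn}", escape_filter_value(user_dn))
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing data after filter")
    return matches(node, entry)

if __name__ == "__main__":
    print("filter from debug output:", group_matches(DEBUG_FILTER, USER_DN, AD_GROUP))
    print("suggested AD filter:     ", group_matches(AD_FILTER, USER_DN, AD_GROUP))
```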