LDAP-group filter search is failing
Alexander Clouter
alex at digriz.org.uk
Fri Apr 8 10:02:14 CEST 2011
joezamosc <joezamosc at yahoo.com> wrote:
>
>
> The 10th line from the bottom of the snippet returns with the following...
>
> rlm_ldap::ldap_groupcmp: ldap_get_values() failed
>
> I'm waiting for a subsequent "[ldap] performing search in" my DN and to
> match with filter (cn=WANN)
> But it's not happening.
>
It is happening, you have to read the debug ;)
----
[ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com, with filter (&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))))
----
> Any insight?
>
You are hunting for the group under
'ou=Departments,dc=corp,dc=development,dc=com', effectively doing:
----
ldapsearch -h server -x -b ou=Departments,dc=corp,dc=development,dc=com '(&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN...'
----
I'm guessing that's not where 'cn=WANN' lives? What does the following
give you?
----
ldapsearch -h server -x -b dc=corp,dc=development,dc=com cn=wann dn member
----
Cheers
--
Alexander Clouter
.sigmonster says: Creditor, n.:
A man who has a better memory than a debtor.
More information about the Freeradius-Users
mailing list