LDAP-group filter search is failing

Alexander Clouter alex at digriz.org.uk
Fri Apr 8 10:02:14 CEST 2011


joezamosc <joezamosc at yahoo.com> wrote:
> The 10th line from the bottom of the snippet returns with the following...
> 
> rlm_ldap::ldap_groupcmp: ldap_get_values() failed
> 
> I'm waiting for a subsequent "[ldap] performing search in" my DN and to
> match with filter (cn=WANN)
> But it's not happening.
>
It is happening, you have to read the debug ;)
----
[ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com, with filter (&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom))))
----

> Any insight?
> 
You are hunting for the group under 
'ou=Departments,dc=corp,dc=development,dc=com', effectively doing:
----
ldapsearch -h server -x -b ou=Departments,dc=corp,dc=development,dc=com '(&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=CN...'
----

I'm guessing that's not where 'cn=WANN' lives? What does the following 
give you?
----
ldapsearch -h server -x -b dc=corp,dc=development,dc=com cn=wann dn member
----

Cheers

-- 
Alexander Clouter
.sigmonster says: Creditor, n.:
                  	A man who has a better memory than a debtor.
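
The reply above reads the search base and filter out of the debug line by hand. The following is an added example, not part of the original message or of FreeRADIUS: it parses that line, decodes the RFC 4515 `\XX` escapes in the member DN, and builds the wider lookup suggested in the reply. The function names are hypothetical, and `directory_root` assumes the directory suffix is the `dc=` part of the base.

```python
import re
import shlex

# Constructed sample: the rlm_ldap debug line quoted in the message above.
_DN = r"CN\3dRobertTest1\2cOU\3dWANN\2cOU\3dDepartments\2cDC\3dcorp\2cDC\3ddevelopment\2cDC\3dcom"
DEBUG_LINE = (
    "[ldap] performing search in ou=Departments,dc=corp,dc=development,dc=com, "
    "with filter (&(cn=WANN)(|(&(objectClass=GroupOfNames)(member=" + _DN + "))"
    "(&(objectClass=GroupOfUniqueNames)(uniquemember=" + _DN + "))))"
)

def parse_search(line):
    """Return (search base, filter) from a 'performing search in' debug line."""
    m = re.search(r"performing search in (.+), with filter (.+)$", line.strip())
    if m is None:
        raise ValueError("not an rlm_ldap search line")
    return m.group(1), m.group(2)

def unescape_value(value):
    """Decode RFC 4515 \\XX escapes (\\3d is '=', \\2c is ',') in a filter value."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), value.encode("utf-8"))
    return raw.decode("utf-8")

def member_dns(flt):
    """User DNs the filter tests for group membership, decoded."""
    found = re.findall(r"\((?:unique)?member=([^()]*)\)", flt, re.I)
    return [unescape_value(v) for v in found]

def directory_root(base):
    """Heuristic (assumption): keep only the dc= components of the base DN."""
    parts = re.split(r"(?<!\\),", base)
    return ",".join(p for p in parts if p.strip().lower().startswith("dc="))

def suggest_ldapsearch(line, host="server"):
    """Build a wider lookup for the group, in the form used in the reply."""
    base, flt = parse_search(line)
    cn = re.search(r"\(cn=([^()]*)\)", flt, re.I)
    if cn is None:
        raise ValueError("no (cn=...) term in filter")
    args = ["ldapsearch", "-h", host, "-x", "-b", directory_root(base),
            "(cn=%s)" % cn.group(1), "dn", "member"]
    return " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    base, flt = parse_search(DEBUG_LINE)
    print("base  :", base)
    print("member:", member_dns(flt)[0])
    print(suggest_ldapsearch(DEBUG_LINE))
```

Comparing the `dn` that the wider search returns with the base printed here shows whether the group sits outside the subtree being searched.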