LDAP-group filter search is failing
Alexander Clouter
alex at digriz.org.uk
Sun Apr 10 13:13:31 CEST 2011
joezamosc <joezamosc at yahoo.com> wrote:
>
> Alexander - you have a point - WANN is under OU - I've made an adjustment in
> modules/ldap and changed groupname_attribute to ou "groupname_attribute =
> ou"
>
'groupname_attribute' should be 'cn', unless your LDAP directory is very
broken ;)
> And after running ldapsearch -h server -x -b dc=corp,dc=development,dc=com ou=wann dn member
> I get...
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=corp,DC=development,DC=com> with scope subtree
> # filter: ou=wann
> # requesting: ALL
> #
>
> # WANN, Departments, corp.development.com
> dn: OU=WANN,OU=Departments,DC=corp,DC=development,DC=com
> objectClass: top
> objectClass: organizationalUnit
> ou: WANN
> distinguishedName: OU=WANN,OU=Departments,DC=corp,DC=development,DC=com
> instanceType: 4
> whenCreated: 20110405164142.0Z
> whenChanged: 20110405164142.0Z
> uSNCreated: 10913685
> uSNChanged: 10913685
> name: WANN
> objectGUID:: Eqi2LbFChke1MJ1VS9a4GA==
> objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=corp,DC=development,DC=com
>
'ou' is more akin to a 'directory' in a filesystem rather than something
that records any useful information.
What do ldapsearch's give you for 'cn=wann' and
'member=CN=RobertTest1,ou=WANN,ou=Departments,dc=corp,dc=development,dc=com'?
Cheers
--
Alexander Clouter
.sigmonster says: You have a truly strong individuality.
More information about the Freeradius-Users
mailing list