Freeradius and group membership check
Vlad Glagolev
stealth at sourcemage.org
Thu Aug 11 16:01:28 CEST 2011
Hello there,
I'm here to say that I've found a kind of misconfiguration/bug in Freeradius.
The version is 2.1.10, and the platform is i386 (i686) OpenBSD.
When I try to use the group membership check, I see strange behaviour: instead of commas there are symbols (those are in ASCII?) like this:
[files] expand: (|(&(objectClass=PosixGroup)(memberUnixUserName=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=PosixGroup)(memberUnixUserName=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld)))
Of course, if I use %{User-Name} instead of %{control:Ldap-UserDn} it works well (with a simplified search filter, but it's the same with the one above):
[files] expand: (&(objectClass=posixGroup)(memberUnixUserName=%{User-Name})) -> (&(objectClass=posixGroup)(memberUnixUserName=test))
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=domain,dc=tld, with filter (&(cn=disabled)(&(objectClass=posixGroup)(memberUnixUserName=test)))
rlm_ldap::ldap_groupcmp: User found in group disabled
Is this a known behaviour?
Thanks in advance.
--
Don't wait to die to find paradise...
--
Cheerz,
Vlad "Stealth" Glagolev
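
Added example, not part of the original post and not FreeRADIUS code: the `\3d` and `\2c` sequences in the debug output above are hex escapes for `=` and `,` in the `\XX` notation that RFC 4515 defines for filter values. The sketch below decodes them back to the DN and applies the same kind of escaping to a value before it is placed in the group filter; the function names and every escaped character other than `=` and `,` are assumptions.

```python
import re

# '=' and ',' are the two characters seen escaped in the post; '*', '(', ')',
# '\' and NUL are the RFC 4515 filter specials. The full set used by the
# server's own escaping is not shown on the page, so this set is an assumption.
ESCAPE_SET = set('*()\\\x00=,')

_HEX = re.compile(rb"\\([0-9a-fA-F]{2})")

def escape_filter_value(value: str) -> str:
    """Replace filter metacharacters with \\XX hex escapes."""
    return "".join("\\%02x" % ord(c) if c in ESCAPE_SET else c for c in value)

def unescape_filter_value(value: str) -> str:
    """Decode \\XX escapes, i.e. recover the assertion value they stand for."""
    raw = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode("utf-8"))
    return raw.decode("utf-8")

# Simplified filter template from the post.
GROUP_FILTER = "(&(objectClass=posixGroup)(memberUnixUserName=%s))"

def build_group_filter(value: str) -> str:
    """Insert an escaped value so it cannot change the filter's structure."""
    return GROUP_FILTER % escape_filter_value(value)

# Expanded %{control:Ldap-UserDn} exactly as it appears in the debug output.
ESCAPED_DN = (r"uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld"
              r"\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld")

# Constructed value containing filter metacharacters (not from the post).
CONSTRUCTED_VALUE = "a*)(b"

if __name__ == "__main__":
    print("decoded DN:     ", unescape_filter_value(ESCAPED_DN))
    print("plain user name:", build_group_filter("test"))
    print("metacharacters: ", build_group_filter(CONSTRUCTED_VALUE))
```
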