checking ad membership

Alan DeKok aland at deployingradius.com
Tue Apr 10 16:29:30 CEST 2012


Heinrich, Sebastian wrote:
...
>   [ldap] performing search in cn=group,cn=users,dc=aos-stade,dc=de, with
> filter (&(objectClass=group)(member=)) 
>   [ldap] object not found

  That's pretty definitive.

  Have you tried running the queries by hand, to see what's going on?
That should be pretty obvious...

  Also, does that LDAP query seem well-formed to you?

>   [ldap] performing search in CN=Heinrich\,
> Sebastian,CN=Users,DC=aos-stade,DC=de, with filter (objectclass=*) 
>   [ldap] performing search in CN=group1,CN=Users,DC=aos-stade,DC=de,
> with filter (cn=cn=group,cn=users,dc=domain,dc=de)
>   [ldap] object not found

  That's also pretty definitive.

> Can anybody help me? As I understand the debug the group is checked but
> the user isn’t member of it. I totally sure that I am a member of the group.

  There is no magic here.  You need to ensure that the server is doing
the right queries, and that the queries return the data you expect.

  You haven't done that.

  Alan DeKok.


More information about the Freeradius-Users mailing list