Radius authentication against LDAP question

g17jimmy g17jimmy at gmail.com
Thu May 31 23:47:58 CEST 2012


Playing with ldapsearch I see that the search string that radiusd -X is
reporting to use indeed does not work:
=====ldapsearch filter (from radiusd -X)
performing search in cn=accounts,dc=abc,dc=xyz, with filter
(&(cn=newgroup)(&(objectclass=posixGroup)(memberUid=newuser))) 
=====

Returns no entries. If I run ldapsearch with
(&(cn=newgroup)(&(objectclass=posixGroup))) - removing the memberUid entry,
it returns the entry for the group itself, so something is wrong with how I
have the member uid configured.

=====ldapsearch filter (filter trimmed to group)
ldapsearch -x -b cn=accounts,dc=abc,dc=xyz "(&(cn=newgroup)(&(objectclass=posixGroup)))"
# extended LDIF
#
# LDAPv3
# base <cn=accounts,dc=abc,dc=xyz> with scope subtree
# filter: (&(cn=newgroup)(&(objectclass=posixGroup)))
# requesting: ALL
#

# newgroup, groups, accounts, abc.xyz
dn: cn=newgroup,cn=groups,cn=accounts,dc=abc,dc=xyz
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ldapsergroup
objectClass: ldapobject
objectClass: posixgroup
cn: newgroup
description: switch administrators
gidNumber: 895800006
ipaUniqueID: 5de42704-ab1d-11e1-8e07-525400579da7
member: uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
============

Any ideas?
Thanks.

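Added example, not part of the original post and not FreeRADIUS code: a small offline evaluator that checks each clause of the filters quoted above against the group entry from the ldapsearch output, to show which clause fails. The function names (`parse`, `matches`, `diagnose`) are hypothetical, the third filter in the demo is constructed for comparison, and only `&`, `|`, `!`, equality and presence (`attr=*`) are handled.

```python
# Group entry copied from the ldapsearch output in the post.
ENTRY = {
    "objectClass": ["top", "groupofnames", "nestedgroup", "ldapsergroup",
                    "ldapobject", "posixgroup"],
    "cn": ["newgroup"],
    "member": ["uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz"],
}

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)                      # no escaped parentheses handled
    attr, _, value = f[i:end].partition("=")   # split on the first '=' only
    return ("=", attr.strip(), value.strip()), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # Simplification: compare case-insensitively, as cn/objectClass/member do.
    have = [v.lower() for k, vs in entry.items()
            if k.lower() == attr.lower() for v in vs]
    return bool(have) if value == "*" else value.lower() in have

def leaves(node):
    if node[0] == "=":
        yield node
    else:
        for kid in node[1]:
            yield from leaves(kid)

def diagnose(filter_str, entry=ENTRY):
    """Return (overall match, {clause: matched?}) for one filter string."""
    tree, end = parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing text after filter")
    return matches(tree, entry), {f"{a}={v}": matches(("=", a, v), entry)
                                  for _, a, v in leaves(tree)}
```

Running `diagnose` on the filter reported by `radiusd -X` marks only the `memberUid=newuser` clause as unmatched: the entry was returned with all attributes requested and carries a `member` value holding the user's DN, but no `memberUid` attribute.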