Radius authentication against LDAP question
g17jimmy
g17jimmy at gmail.com
Thu May 31 23:47:58 CEST 2012
Playing with ldapsearch I see that the search string that radiusd -X is
reporting to use indeed does not work:
=====ldapsearch filter (from radiusd -X)
performing search in cn=accounts,dc=abc,dc=xyz, with filter (&(cn=newgroup)(&(objectclass=posixGroup)(memberUid=newuser)))
=====
Returns no entries. If I run ldapsearch with
(&(cn=newgroup)(&(objectclass=posixGroup))) - removing the memberUid entry,
it returns the entry for the group itself, so something is wrong with how I
have the member uid configured.
=====ldapsearch filter (filter trimmed to group)
ldapsearch -x -b cn=accounts,dc=abc,dc=xyz "(&(cn=newgroup)(&(objectclass=posixGroup)))"
# extended LDIF
#
# LDAPv3
# base <cn=accounts,dc=abc,dc=xyz> with scope subtree
# filter: (&(cn=newgroup)(&(objectclass=posixGroup)))
# requesting: ALL
#
# newgroup, groups, accounts, abc.xyz
dn: cn=newgroup,cn=groups,cn=accounts,dc=abc,dc=xyz
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ldapsergroup
objectClass: ldapobject
objectClass: posixgroup
cn: newgroup
description: switch administrators
gidNumber: 895800006
ipaUniqueID: 5de42704-ab1d-11e1-8e07-525400579da7
member: uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
============
Any ideas?
Thanks.
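Added example, not part of the original post: a small offline evaluator that applies the two filters from the message, plus one constructed DN-based filter, to the group entry shown in the ldapsearch output. The entry is trimmed to the relevant attributes, the function names are hypothetical, and matching is simplified to case-insensitive equality.

```python
# Added example: minimal LDAP filter evaluator (&, |, ! and attr=value only).
# Group entry from the post's ldapsearch output, trimmed to the relevant attributes.
GROUP_LDIF = """\
dn: cn=newgroup,cn=groups,cn=accounts,dc=abc,dc=xyz
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
cn: newgroup
member: uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz
"""

def parse_ldif(text):
    entry = {}
    for line in text.splitlines():
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value.lower())
    return entry

def parse_filter(s, i=0):
    """Return (tree, next_index) for the filter whose '(' is at s[i]."""
    i += 1
    if s[i] in "&|!":
        op, i = s[i], i + 1
        kids = []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")  # split at the first '=' only
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def search(filter_text, ldif=GROUP_LDIF):
    tree, _ = parse_filter(filter_text)
    return matches(tree, parse_ldif(ldif))

# The two filters quoted in the post.
FROM_RADIUSD = "(&(cn=newgroup)(&(objectclass=posixGroup)(memberUid=newuser)))"
TRIMMED = "(&(cn=newgroup)(&(objectclass=posixGroup)))"
# Constructed for comparison: tests the DN-valued "member" attribute instead.
BY_DN = "(&(cn=newgroup)(member=uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz))"

if __name__ == "__main__":
    for f in (FROM_RADIUSD, TRIMMED, BY_DN):
        print(search(f), f)
```

The entry carries membership as a full DN in `member` and has no `memberUid` value, so the filter logged by radiusd -X cannot match it, while a filter on `member` with the user's DN does.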