LDAP groups and profiles
Chris Taylor
Chris.Taylor at corp.eastlink.ca
Thu Feb 7 15:51:10 CET 2013
> I added this to the users file
>
> DEFAULT ldap1.REALM-2.ca-Ldap-Group == residential_profile
>
> But I get this error when I fire up radius -X
>
>
> /etc/raddb/users[222]: Parse error (check) for entry DEFAULT:
> expecting operator Errors reading /etc/raddb/users
> Wild guess, but you might try a simpler module name e.g. "ldap2" instead of "ldap2.some.dots-and.hyphens".
Phil, I gave that a try but ended up with the same result.
Chris
I was able to get this working by adding that LDAP instance to the instantiate section of radius.conf. I can do a query successfully from LDAP now and pull the group info, but during the query I am seeing first a failed query and then a successful query. How could I go about fixing this? I believe it's the groupmembership_filter settings, but I left them at the default values, which seems to be the consensus on the mailing list.
############ radius -X output #########
[REALM1] Entering ldap_groupcmp()
[files] expand: ou=radius,o=realm1.ca,dc=company,dc=ca -> ou=radius,o=realm1.ca,dc=company,dc=ca
[files] expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
[REALM1] ldap_get_conn: Checking Id: 0
[REALM1] ldap_get_conn: Got Id: 0
[REALM1] performing search in ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (&(cn=residential_profile)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
[REALM1] object not found
[REALM1] ldap_release_conn: Release Id: 0
[REALM1] ldap_get_conn: Checking Id: 0
[REALM1] ldap_get_conn: Got Id: 0
[REALM1] performing search in uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group residential_profile
[REALM1] ldap_release_conn: Release Id: 0
###################################
### Group section of LDAP module #####
groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
groupmembership_attribute = radiusGroupName
#########################################
##### LDAP entry for an account I am querying against ######
dn: uid=112boy,ou=radius,o=realm1.ca,dc=company,dc=ca
uid: 112boy
userPassword: XXXX
objectClass: top
objectClass: posixAccount
objectClass: radiusProfile
uidNumber: 1100
gidNumber: 1100
radiusSimultaneousUse: 099
radiusAuthType: PAP
homeDirectory: //
radiusGroupName: residential_profile
cn: TRUE
###########################################
I do get a successful query; I would just like to figure out how to get it to resolve on the first attempt.
Thanks,
Chris
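An added example, written for this page and not code from the thread or from FreeRADIUS itself: an offline model of the two lookups visible in the debug output above. It expands the groupmembership_filter from a request attribute list the way the "[files] expand:" lines show, runs the resulting group search, and then falls back to reading groupmembership_attribute (radiusGroupName) from the user's own entry. Assumptions: the "directory" is an in-memory dict built from the LDIF in the post plus one constructed groupOfNames entry (there is no such entry on the page; it is there to show what the first query matches when %{Ldap-UserDn} is set); the DN the module already holds is passed in separately as `resolved_user_dn`, because the debug output shows the filter expanding with an empty DN while the second search still runs against uid=112boy; and `strict`/`escape` switches are part of this model, not rlm_ldap options. The security point the model carries is that anything substituted into a filter must be RFC 4515-escaped: an empty expansion yields `(member=)`, which matches nothing, while an unescaped `*` would turn the same item into a presence match against every group.

```python
# Added example: an offline model of the two lookups that appear in the
# debug output above. The directory is a dict, not an LDAP server.
import re

BASE_DN = "ou=radius,o=realm1.ca,dc=company,dc=ca"
USER_DN = "uid=112boy," + BASE_DN
GROUPNAME_ATTRIBUTE = "cn"
GROUPMEMBERSHIP_ATTRIBUTE = "radiusGroupName"
GROUPMEMBERSHIP_FILTER = (
    "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
    "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
)

# Constructed entries: the user is the one from the post (password omitted);
# the groupOfNames entry is an assumption, added to show the group-side match.
DIRECTORY = {
    USER_DN: {"objectClass": ["top", "posixAccount", "radiusProfile"],
              "uid": ["112boy"], "cn": ["TRUE"],
              "radiusGroupName": ["residential_profile"]},
    "cn=residential_profile," + BASE_DN: {"objectClass": ["top", "groupOfNames"],
                                          "cn": ["residential_profile"],
                                          "member": [USER_DN]},
}


class EmptyExpansion(ValueError):
    """A %{Attr} reference in the filter expanded to nothing (strict mode)."""


def escape_filter_value(value):
    """RFC 4515 escaping: a raw DN or username could otherwise rewrite the filter."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def expand_filter(template, request, strict=False, escape=True):
    """Expand %{Attr} from the request list, like the '[files] expand:' lines."""
    def repl(m):
        val = request.get(m.group(1), "")
        if strict and val == "":
            raise EmptyExpansion(f"%{{{m.group(1)}}} expanded to the empty string")
        return escape_filter_value(val) if escape else val
    return re.sub(r"%\{([A-Za-z0-9_:.-]+)\}", repl, template)


def parse_filter(s, i=0):
    """Minimal RFC 4515 parser: and/or/not, equality and presence items."""
    assert s[i] == "(", "filter item must start with '('"
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        return (op, kids), i + 1
    if s[i] == "!":
        node, i = parse_filter(s, i + 1)
        return ("!", node), i + 1
    j = s.index(")", i)                  # a ')' inside a value is escaped as \29
    attr, _, val = s[i:j].partition("=")
    if val == "*":                       # presence item, e.g. (objectclass=*)
        return ("present", attr.lower()), j + 1
    val = re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val), j + 1


def matches(node, entry):
    kind = node[0]
    if kind in "&|":
        combine = all if kind == "&" else any
        return combine(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    values = [v for k, vs in entry.items() if k.lower() == node[1] for v in vs]
    if kind == "present":
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)   # caseIgnore-style match


def search(base_dn, filter_str, base_only=False):
    """Subtree (or base-object) search over DIRECTORY; returns matching DNs."""
    node, _ = parse_filter(filter_str)
    base = base_dn.lower()
    return [dn for dn, entry in DIRECTORY.items()
            if (dn.lower() == base or (not base_only and dn.lower().endswith("," + base)))
            and matches(node, entry)]


def ldap_groupcmp(group, request, resolved_user_dn, strict=False, escape=True):
    """How the user was found in `group`: 'group-entry', 'user-attribute' or None.
    `request` is what %{...} expands from; `resolved_user_dn` is the DN the module holds."""
    gr_filter = expand_filter(GROUPMEMBERSHIP_FILTER, request, strict=strict, escape=escape)
    group_filter = f"(&({GROUPNAME_ATTRIBUTE}={escape_filter_value(group)}){gr_filter})"
    if search(BASE_DN, group_filter):                      # first query in the log
        return "group-entry"
    for dn in search(resolved_user_dn, "(objectclass=*)", base_only=True):   # second
        members = DIRECTORY[dn].get(GROUPMEMBERSHIP_ATTRIBUTE, [])
        if group.lower() in (v.lower() for v in members):
            return "user-attribute"
    return None
```

With an empty request list, `ldap_groupcmp("residential_profile", {}, USER_DN)` reproduces the log: the group search carries `(member=)`, finds nothing, and the user-attribute stage returns "user-attribute". With `{"Ldap-UserDn": USER_DN}` the first query matches the constructed group entry and returns "group-entry". The `escape=False` path exists only to show the contrast: a request whose Ldap-UserDn is `*` then produces `(member=*)` and is "found" in any group that has members, whereas the escaped `\2a` matches nothing. `strict=True` refuses to run a search built from an empty expansion; that is a choice of this model and is not offered here as the fix for the configuration in the thread.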
-----Original Message-----
From: freeradius-users-bounces+chris.taylor=corp.eastlink.ca at lists.freeradius.org [mailto:freeradius-users-bounces+chris.taylor=corp.eastlink.ca at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Tuesday, February 05, 2013 11:23 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: LDAP groups and profiles
On 05/02/13 15:50, Chris Taylor wrote:
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html