AD Authentication Permissions

John Dennis jdennis at redhat.com
Thu Jan 10 00:31:03 CET 2013


On 01/09/2013 05:10 PM, Tyler Brady wrote:
> I think my bind is working fine now, but my basedn = "o=My Org,c=UA" field is still wrong. I'm still not sure of the syntax. Any suggestions?

I don't see a basedn of "o=My Org,c=UA" anywhere; however, I do see a 
basedn of "ou=Phoenix_Users,dc=company,dc=stc"

Hint: rlm_ldap is simply doing what the ldapsearch command does. Try 
using ldapsearch giving it the parameters you expect to be correct, 
iterate until the search succeeds, then use those same parameters in 
your radius ldap config.

BTW, your ldap password "Sup3rS3cret" is no longer super secret ;-)

>
> [ldap] ldap_get_conn: Checking Id: 0
>    [ldap] ldap_get_conn: Got Id: 0
>    [ldap] attempting LDAP reconnection
>    [ldap] (re)connect to office.company.stc:389, authentication 0
>    [ldap] bind as cn=user name,ou=Phoenix_Users,dc=company,dc=stc/Sup3rS3cret to office.company.stc:389
>    [ldap] waiting for bind result ...
>    [ldap] Bind was successful
>    [ldap] performing search in ou=Phoenix_Users,dc=company,dc=stc, with filter (uid=tbrady)
>    [ldap] object not found
> rlm_ldap::ldap_groupcmp: search failed
>    [ldap] ldap_release_conn: Release Id: 0
> ++[files] returns noop
> [ldap] performing user authorization for tbrady
> [ldap] 	expand: %{Stripped-User-Name} ->
> [ldap] 	... expanding second conditional
> [ldap] 	expand: %{User-Name} -> tbrady
> [ldap] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=tbrady)
> [ldap] 	expand: ou=Phoenix_Users,dc=company,dc=stc -> ou=Phoenix_Users,dc=company,dc=stc
>    [ldap] ldap_get_conn: Checking Id: 0
>    [ldap] ldap_get_conn: Got Id: 0
>    [ldap] performing search in ou=Phoenix_Users,dc=company,dc=stc, with filter (uid=tbrady)
>    [ldap] object not found
> [ldap] search failed
>    [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] returns notfound



-- 
John Dennis <jdennis at redhat.com>
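
Added example (not part of the original message and not FreeRADIUS code): a small Python helper that reads rlm_ldap debug lines like those quoted above, builds the equivalent ldapsearch command for iterating on the base DN and filter, and redacts the bind password before the log is shared. The function names and the `<redacted>` marker are assumptions, and the sample log is constructed from the lines in this thread.

```python
import re
import shlex

# Constructed sample: the relevant rlm_ldap debug lines from this thread.
SAMPLE_LOG = """\
   [ldap] (re)connect to office.company.stc:389, authentication 0
   [ldap] bind as cn=user name,ou=Phoenix_Users,dc=company,dc=stc/Sup3rS3cret to office.company.stc:389
   [ldap] performing search in ou=Phoenix_Users,dc=company,dc=stc, with filter (uid=tbrady)
   [ldap] object not found
"""

# The debug line prints "bind as <dn>/<password> to <host>:<port>". The split
# on the last "/" is an assumption: a password containing "/" is ambiguous.
BIND_RE = re.compile(
    r"\[ldap\] bind as (?P<dn>.+)/(?P<pw>[^/]*) to (?P<host>[^\s:]+):(?P<port>\d+)\s*$")
SEARCH_RE = re.compile(
    r"\[ldap\] performing search in (?P<base>.+), with filter (?P<filter>\(.*\))\s*$")


def parse_debug(log):
    """Return (search parameters, log text with the bind password redacted)."""
    params, redacted = {}, []
    for line in log.splitlines():
        m = BIND_RE.search(line)
        if m:
            # Assumes plain LDAP, as in the quoted log (port 389).
            params.update(binddn=m["dn"], uri=f"ldap://{m['host']}:{m['port']}")
            line = line[:m.start("pw")] + "<redacted>" + line[m.end("pw"):]
        m = SEARCH_RE.search(line)
        if m:
            params.update(base=m["base"], filter=m["filter"])
        redacted.append(line)
    return params, "\n".join(redacted)


def ldapsearch_command(params):
    """Build the ldapsearch call that repeats the module's bind and search."""
    # -x: simple bind; -W: prompt for the password so it stays out of shell
    # history and the process list; -b: search base; last argument: filter.
    args = ["ldapsearch", "-x", "-H", params["uri"], "-D", params["binddn"],
            "-W", "-b", params["base"], params["filter"]]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    found, safe_log = parse_debug(SAMPLE_LOG)
    print(ldapsearch_command(found))
    print(safe_log)
```

Adjust `-b` and the filter on the printed command until the search returns the user entry, then copy the working values into the ldap module configuration.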
