Freeradius with openldap

Andres Septer andres.septer at
Tue Nov 12 08:25:42 CET 2013

2013/11/12 Mik J <mikydevel at>

> I'm confuse how freeradius will proceed
> - Search for myuser in the ldap using the account I provided in
> modules/ldap
> - Check the users password

You can turn on LDAP debug, it helped me a lot. Check last section of ldap
module config
<------>#  ldap_debug: debug flag for LDAP SDK
<------>#  (see OpenLDAP documentation).  Set this to enable
<------>#  huge amounts of LDAP debugging on the screen.
<------>#  You should only use this if you are an LDAP expert.
<------>#<----->default: 0x0000 (no debugging messages)
<------>ldap_debug = 0x0028.

> groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"

My groupmembership filter in 2.1.1 looks like this

<------>groupmembership_filter =
<------> groupmembership_attribute = radiusGroupName

Config syntax seems to hint that you have very old freeradius. Which

 Groups can be checked via LDAP-group variable

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list