LDAP Module : basedn empty -> error

Alan DeKok aland at deployingradius.com
Fri Nov 29 16:57:27 CET 2013

Dominique Fournier wrote:
> In the logs, when there is a reject, I can see :
> [ldap-inner-tunnel] performing user authorization for XXXXX
> [ldap-inner-tunnel]     expand: (mail=%{User-Name}) -> (mail=XXXXX.fr)
> [ldap-inner-tunnel]     expand:  ->
>   [ldap-inner-tunnel] unable to create basedn.

  Try creating the basedn which contains only a space.  That might work.

  The LDAP module is generally intended to search within a particular
base DN.  It can be a security risk to allow searching of the entire tree.

  Or, you can configure two LDAP modules.  One to search in .fr, and the
other to search in .org.

  Alan DeKok.

More information about the Freeradius-Users mailing list