LDAP Module : basedn empty -> error

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Nov 29 17:07:50 CET 2013

On 29 Nov 2013, at 15:57, Alan DeKok <aland at deployingradius.com> wrote:

> Dominique Fournier wrote:
>> In the logs, when there is a reject, I can see :
>> [ldap-inner-tunnel] performing user authorization for XXXXX
>> [ldap-inner-tunnel]     expand: (mail=%{User-Name}) -> (mail=XXXXX.fr)
>> [ldap-inner-tunnel]     expand:  ->
>>  [ldap-inner-tunnel] unable to create basedn.
>  Try creating the basedn which contains only a space.  That might work.
>  The LDAP module is generally intended to search within a particular
> base DN.  It can be a security risk to allow searching of the entire tree.

Only if you're incompetent and set up the ACLs incorrectly.


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
