LDAP Module : basedn empty -> error
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Nov 29 17:07:50 CET 2013
On 29 Nov 2013, at 15:57, Alan DeKok <aland at deployingradius.com> wrote:
> Dominique Fournier wrote:
>> In the logs, when there is a reject, I can see :
>> [ldap-inner-tunnel] performing user authorization for XXXXX
>> [ldap-inner-tunnel] expand: (mail=%{User-Name}) -> (mail=XXXXX.fr)
>> [ldap-inner-tunnel] expand: ->
>> [ldap-inner-tunnel] unable to create basedn.
>
> Try creating the basedn which contains only a space. That might work.
>
> The LDAP module is generally intended to search within a particular
> base DN. It can be a security risk to allow searching of the entire tree.
Only if you're incompetent and set up the ACLs incorrectly.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team