group authorization

Brendan Kearney bpk678 at
Wed Mar 26 02:24:18 CET 2014

>   Why?  The "filter" configuration item is the *only* place where the
> LDAP "uid" search string is set.  Editing anything else won't help.
the uid vs dn may not be the issue (or at least not the only issue).

>   Read the documentation and configure it as required.
i did and its vague.  also its contradicted by what is on the freeradius
site, which googling around turns up.

>   This isn't hard.  Configure the "filter" item with the LDAP search
> string you need.  If it doesn't work, read the debug output.  It will
> show either an error, or that the user information wasn't found.  It's
> just an LDAP search string... so if the user wasn't found, fix the string.
where do i find the different variables that are referenced
(Stripped-User-Name, User-Name, control:Ldap-UserDn, etc)?  where is the
documentation around what %{%{Stripped-User-Name}:-%{User-Name}} does vs
%{%{control:Ldap-UserDn}:-%{control:Ldap-UserDn}} (which does not seem
to work anyway)

>   The FreeRADIUS debug mode prints out the LDAP searches it's doing, so
> you can re-run the searches manually.  Use them in "ldapsearch".
need the pointer to the above info

>   The problem as I see it is you're saying "I did a bunch of stuff".
> But you're not saying *exactly* what you did, or what happened.  These
> are computers... they are blatantly literal.  Vague statements like "I
> tried things" aren't good enough.
yes, and a bunch of stuff is all that can be tried/done when no real,
comprehensive howtos exist on how to do this.
is the best i have found, and it does not work, is outdated or does not
do everything i am looking for.

More information about the Freeradius-Users mailing list