UserDN escape problem and Group membership checking in 3.0.3
Winders, Timothy A
twinders at southplainscollege.edu
Thu Nov 20 17:24:54 CET 2014
On 11/20/14, 9:48 AM, "Arran Cudbard-Bell" <a.cudbardb at freeradius.org>
wrote:
>
>> On 20 Nov 2014, at 09:30, Winders, Timothy A
>><twinders at southplainscollege.edu> wrote:
>>
>> On 11/20/14, 8:11 AM, "Alan DeKok" <aland at deployingradius.com> wrote:
>>
>>
>>> Winders, Timothy A wrote:
>>>> Is there a specific place, URL, instruction, to make sure I download
>>>>the
>>>> correct code to compile?
>>>
>>> https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x
>>>
>>> And click on the "download zip" button on the right hand side.
>>
>> Downloaded and installed...
>>
>> The problem with membership_filter seems to be resolved. I still see
>>the
>> escaping happening, but, the user in group object is found.
>
>>(12) Waiting for search result...
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>> ber_get_next failed.
>
>Hmm, well i've never seen that before. Do you have additional ldap
>debugging enabled?
Nope. I'm just running "radiusd -X" and copying the (relevant) parts of
the debug. This time it doesn't show up in the debug. It's (highly
likely) that my configurations are less than optimal. 8-)
>
>You'll find that LDAP-Group == 'Students Security Group' will also work,
>for both cases, if you set group.name_attribute.
>
Confirmed!
(27) if (LDAP-Group == "Students Security Group") {
(27) Searching for user in group "Students Security Group"
rlm_ldap (ldap): 0 of 0 connections in use. You probably need to increase
"spare"
rlm_ldap (ldap): Opening additional connection (7)
rlm_ldap (ldap): Connecting to ldap.southplainscollege.edu:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Reserved connection (7)
(27) Using user DN from request "CN=Winders\, Tim
(0552),OU=Students,OU=SPC,DC=southplainscollege,DC=edu"
(27) Checking user object membership (memberOf) attributes
(27) Performing unfiltered search in 'CN=Winders\, Tim
(0552),OU=Students,OU=SPC,DC=southplainscollege,DC=edu', scope 'base'
(27) Waiting for search result...
(27) Processing group membership value "CN=Students Security
Group,OU=Standard Groups,OU=Groups,OU=SPC,DC=southplainscollege,DC=edu"
(27) Converting group DN to group Name
(27) Performing unfiltered search in 'CN=Students Security
Group,OU=Standard Groups,OU=Groups,OU=SPC,DC=southplainscollege,DC=edu',
scope 'base'
(27) Waiting for search result...
(27) Group name is "Students Security Group"
(27) User found. Comparison between membership: name (resolved from DN),
check: name
rlm_ldap (ldap): Released connection (7)
--
Tim Winders
Associate Dean of Information Technology
South Plains College
(806) 716-2369
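
The following is an added example, not part of the original message and not FreeRADIUS code: it uses the two DNs from the debug output above to show why the user DN must be split on unescaped commas only (RFC 4514) and escaped again (RFC 4515) before it is placed in a search filter. The `member` attribute in the filter and the helper names are assumptions, and the group name is read from the CN RDN here, whereas the log shows the server resolving it with a base search.

```python
import re

# Constructed from the debug output quoted in the message (wrapped lines rejoined).
USER_DN = r"CN=Winders\, Tim (0552),OU=Students,OU=SPC,DC=southplainscollege,DC=edu"
MEMBER_OF = ("CN=Students Security Group,OU=Standard Groups,OU=Groups,"
             "OU=SPC,DC=southplainscollege,DC=edu")

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only (RFC 4514)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur.lstrip())
    return rdns

def unescape_value(value):
    """Undo RFC 4514 escaping: backslash + hex pair, or backslash + character."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
                continue
            i += 1                      # drop the backslash, keep the next char
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")

def filter_escape(text):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def group_name_from_dn(dn):
    """Assumption: the group name is the CN of the first RDN."""
    attr, _, value = split_dn(dn)[0].partition("=")
    return unescape_value(value) if attr.upper() == "CN" else None

def member_filter(user_dn):
    """Hypothetical filter; 'member' is an assumed attribute name."""
    return "(member=%s)" % filter_escape(user_dn)
```

A plain `USER_DN.split(",")` yields six pieces instead of five RDNs, and the filter form of the same DN carries `\5c`, `\28` and `\29` where the DN form has a backslash and parentheses.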