LDAP search failed
Hatim CHIKHI
hatim.networking at gmail.com
Thu Jul 2 11:31:20 CEST 2015
Hello,
I'm using FreeRADIUS version 2.1.12+dfsg-1.2.
I'm trying to get some parameters from an AD server but I have problems
with the search filter.
Here is my ldap configuration:
ldap {
    server = "myldapserver"
    basedn = "dc=ad,dc=domain,dc=fr"
    identity = "cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr"
    filter = "sAMAccountName==%{User-Name}"
    #base_filter = "(objectclass=sAMAccountName)"
    start_tls = no
    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    #profile_attribute = "radiusFramedIPAddress"
    profile_attribute = "radiusprofile"
    access_attr = "uid"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 10
    timeout = 4
    timelimit = 5
    net_timeout = 1
    set_auth_type = yes
}
I'm not sure about the filter parameter.
Here are freeradius logs:
[ldap] performing user authorization for hatim
[ldap] expand: sAMAccountName==%{User-Name} -> sAMAccountName==hatim
[ldap] expand: dc=ad,dc=domain,dc=fr -> dc=ad,dc=domain,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to myldapserver:389, authentication 0
[ldap] bind as cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr/ to myldapserver:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=ad,dc=domain,dc=fr, with filter sAMAccountName==hatim
[ldap] ldap_search() failed: Operations error
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
Can you help me please?
Thank you!