LDAP search failed
Peter Lambrechtsen
peter at crypt.co.nz
Thu Jul 2 12:47:42 CEST 2015
You shouldn't have two = in the search filter.
filter = "(sAMAccountName=%{User-Name})"
Or take the original one and replace the search value:
filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
On Thu, Jul 2, 2015 at 9:31 PM, Hatim CHIKHI <hatim.networking at gmail.com>
wrote:
> Hello,
>
> I'm using FreeRADIUS version 2.1.12+dfsg-1.2.
>
> I'm trying to get some parameters from an AD server but I have problems
> with the search filter.
>
> Here is my ldap configuration:
>
> ldap {
>
> server = "myldapserver"
>
> basedn = "dc=ad,dc=domain,dc=fr"
>
> identity =
> "cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr"
>
> filter = "sAMAccountName==%{User-Name}"
>
> #base_filter = "(objectclass=sAMAccountName)"
>
> start_tls = no
>
> groupmembership_filter =
>
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>
> #profile_attribute = "radiusFramedIPAddress"
>
> profile_attribute = "radiusprofile"
>
> access_attr = "uid"
>
> dictionary_mapping = ${raddbdir}/ldap.attrmap
>
> ldap_connections_number = 10
>
> timeout = 4
>
> timelimit = 5
>
> net_timeout = 1
>
> set_auth_type = yes
>
> }
>
>
>
> I'm not sure about the filter parameter.
>
>
>
> Here are freeradius logs:
>
>
> [ldap] performing user authorization for hatim
>
> [ldap] expand: sAMAccountName==%{User-Name} -> sAMAccountName==hatim
>
> [ldap] expand: dc=ad,dc=domain,dc=fr -> dc=ad,dc=domain,dc=fr
>
> [ldap] ldap_get_conn: Checking Id: 0
>
> [ldap] ldap_get_conn: Got Id: 0
>
> [ldap] attempting LDAP reconnection
>
> [ldap] (re)connect to myldapserver:389, authentication 0
>
> [ldap] bind as
> cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=domain,dc=fr/
> to myldapserver:389
>
> [ldap] waiting for bind result ...
>
> [ldap] Bind was successful
>
> [ldap] performing search in dc=ad,dc=domain,dc=fr, with filter
> sAMAccountName==hatim
>
> [ldap] ldap_search() failed: Operations error
>
> [ldap] search failed
>
> [ldap] ldap_release_conn: Release Id: 0
>
> ++[ldap] returns fail
>
>
>
> Can you help me please?
>
> Thank you!
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
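
Added example, not part of the thread and not FreeRADIUS code: a small lint for the shape the reply recommends (filter wrapped in parentheses, a single "=" per item), run over the filter strings quoted above. The function names are hypothetical, and this is a shape check only, not a full RFC 4515 parser.

```python
# Added example: lint for the value of a FreeRADIUS ldap "filter =" setting.
# check_filter and its helpers are hypothetical names, not FreeRADIUS code.

def check_filter(f):
    """Return a list of problems; an empty list means the shape is fine."""
    problems = []
    if not (f.startswith("(") and f.endswith(")")):
        problems.append("filter is not wrapped in parentheses")
        f = "(" + f + ")"          # wrap it so the item inside is still checked
    try:
        end = _parse(f, 0, problems)
        if end != len(f):
            problems.append("trailing text after position %d" % end)
    except ValueError as exc:
        problems.append(str(exc))
    return problems

def _parse(f, i, problems):
    """Parse one '(...)' component at f[i]; return the index just past it."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at position %d" % i)
    i += 1
    if i < len(f) and f[i] in "&|!":        # composite: (&(..)(..)) (|(..)) (!(..))
        op, i, count = f[i], i + 1, 0
        while i < len(f) and f[i] == "(":
            i, count = _parse(f, i, problems), count + 1
        if count == 0 or (op == "!" and count != 1):
            problems.append("'%s' has %d sub-filters" % (op, count))
    else:                                   # simple item: attr=value
        close = f.find(")", i)
        item = f[i:close] if close != -1 else f[i:]
        if "(" in item:
            raise ValueError("unescaped '(' in item %r" % item)
        _check_item(item, problems)
        i += len(item)
    if i >= len(f) or f[i] != ")":
        raise ValueError("missing ')' at position %d" % i)
    return i + 1

def _check_item(item, problems):
    """Flag items that are not attr=value or that double the '='."""
    pos = item.find("=")
    attr = item[:pos].rstrip("~<>") if pos > 0 else ""   # allow ~= >= <=
    if not attr:
        problems.append("item %r is not attr=value" % item)
    elif item[pos + 1:].startswith("="):
        problems.append("doubled '=' in item %r" % item)
```

Calling check_filter on the expanded string from the log, sAMAccountName==hatim, reports both the missing parentheses and the doubled "="; the two filters from the reply and the groupmembership_filter from the configuration return an empty list.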