LDAP search failed

Hatim CHIKHI hatim.networking at gmail.com
Fri Jul 3 13:01:21 CEST 2015


Hi arr2036,

Thanks for your reply.

When I issue an ldap search I get a lot of information about the user I'm
looking for but I'm not sure if the search is successful:

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 1
# numReferences: 6



In the radius logs, this time I'm getting this error:

[ldap] performing user authorization for hatim
[ldap]  expand: sAMAccountName=%{User-Name} -> sAMAccountName=hatim
[ldap]  expand: dc=ad,dc=****,dc=fr -> dc=ad,dc=****,dc=fr
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to myserver:389, authentication 0
  [ldap] bind as
cn=LinOTP-Auth,ou=AD-Man,ou=Ressources,dc=ad,dc=****,dc=fr/******** to
myserver:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=ad,dc=****,dc=fr, with filter
sAMAccountName=hatim
  [ldap] rebind to URL ldap://*****
  [ldap] rebind to URL ldap://*****
  [ldap] rebind to URL ldap://*****
[ldap] no uid attribute - access denied by default
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = userlock


Is it an ldapsearch problem?


Thanks for your help!

> 2015-07-02 17:51 GMT+02:00 arr2036 [via FreeRADIUS] <
> ml-node+s1045715n5735089h90 at n5.nabble.com>:
>
>>
>> > On 2 Jul 2015, at 11:46, Hatim CHIKHI <[hidden email]> wrote:
>> >
>> > Now, when I add password = "****" to the ldap config I get this error
>> > instead:
>> >
>> >  [ldap] waiting for bind result ...
>> >  [ldap] Bind was successful
>> >  [ldap] performing search in dc=ad,dc=domain,dc=fr, with filter
>> > sAMAccountName=hatim
>> >  [ldap] ldap_search() failed: Timed out while waiting for server to
>> > respond. Please increase the timeout.
>> >  [ldap] ldap_release_conn: Release Id: 0
>> > ++[ldap] = fail
>> Likely hopping around the AD forest and timing out.
>>
>> Use ldapsearch to repeat the search and check the results.
>>
>> If it times out as well then that's your issue. Fix AD.
>>
>> If not, then compare the wireshark captures to see what's different
>> between the two searches.
>>
>> If you think rlm_ldap is doing something wrong, upgrade to v3.0.8, and
>> state what you think it should do differently.
>>
>> -Arran
>>
>>
>> >
>> > I increased the timeout but in vain!!
>> >
>> > 2015-07-02 17:29 GMT+02:00 Hatim CHIKHI <[hidden email]>:
>> >
>> >> Thanks guys for your reply.
>> >>
>> >> I upgraded to freeradius 2.2.7 but I still have the same problem.
>> >>
>> >> If it is not a version issue, what would be the cause of the problem?
>> >>
>> >>
>> >> 2015-07-02 13:07 GMT+02:00 Alan DeKok <[hidden email]>:
>> >>
>> >>> On Jul 2, 2015, at 5:31 AM, Hatim CHIKHI <[hidden email]> wrote:
>> >>>> I'm using FreeRADIUS version 2.1.12+dfsg-1.2.
>> >>>
>> >>>  You should upgrade.
>> >>>
>> >>>> I'm trying to get some parameters from an AD server but I have
>> >>>> problems with the search filter.
>> >>>> ...
>> >>>> [ldap] ldap_search() failed: Operations error
>> >>>
>> >>>  This is fixed (and documented) in later versions of the server.
>> >>> Install 2.2.7.
>> >>>
>> >>>  Alan DeKok.
>> >>>
>> >>>
>> >>> -
>> >>> List info/subscribe/unsubscribe? See
>> >>> http://www.freeradius.org/list/users.html
>> >>>
>> >>
>> >>
>> Arran Cudbard-Bell <[hidden email]>
>> FreeRADIUS development team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>>
>
>
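
Added example (not part of the original message, and not FreeRADIUS code): a small Python triage helper that reads an ldapsearch trailer and rlm_ldap debug lines like the ones quoted in this thread and reports which stage ended the request. The sample inputs are constructed; the hostnames and base DN are placeholders, and the function names are hypothetical.

```python
import re

# Constructed samples in the shape of the output quoted in this thread (placeholder hosts/DN).
LDAPSEARCH_TAIL = "result: 0 Success\n# numResponses: 8\n# numEntries: 1\n# numReferences: 6\n"
LOG_DENIED = """\
  [ldap] Bind was successful
  [ldap] performing search in dc=ad,dc=example,dc=fr, with filter sAMAccountName=hatim
  [ldap] rebind to URL ldap://ref1.example
  [ldap] rebind to URL ldap://ref2.example
  [ldap] rebind to URL ldap://ref3.example
[ldap] no uid attribute - access denied by default
++[ldap] = userlock
"""
LOG_TIMEOUT = """\
  [ldap] Bind was successful
  [ldap] performing search in dc=ad,dc=example,dc=fr, with filter sAMAccountName=hatim
  [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
++[ldap] = fail
"""

def parse_ldapsearch(text):
    """Result code plus the num* counters from the ldapsearch trailer."""
    m = re.search(r"^result:\s+(\d+)", text, re.M)
    out = {"code": int(m.group(1)) if m else None}
    out.update((k, int(v)) for k, v in re.findall(r"^# (num\w+):\s+(\d+)", text, re.M))
    return out

def triage(log):
    """Report which rlm_ldap stage ended the request, from its debug lines."""
    info = {"bind_ok": False, "referrals": 0, "search_error": None,
            "missing_attr": None, "rcode": None}
    for line in map(str.strip, log.splitlines()):
        if "Bind was successful" in line:
            info["bind_ok"] = True
        elif "rebind to URL" in line:
            info["referrals"] += 1          # one per referral the client followed
        elif (m := re.search(r"ldap_search\(\) failed: (.+)", line)):
            info["search_error"] = m.group(1)
        elif (m := re.search(r"no (\S+) attribute - access denied", line)):
            info["missing_attr"] = m.group(1)
        elif (m := re.match(r"\++\[ldap\] = (\w+)", line)):
            info["rcode"] = m.group(1)      # module return code, e.g. fail / userlock
    info["stage"] = ("bind" if not info["bind_ok"] else
                     "search" if info["search_error"] else
                     "attribute-check" if info["missing_attr"] else "none")
    return info

if __name__ == "__main__":
    print(parse_ldapsearch(LDAPSEARCH_TAIL))
    for sample in (LOG_DENIED, LOG_TIMEOUT):
        print(triage(sample))
```

A stage of "attribute-check" means the log shows no bind or search error and the denial came from the named attribute being absent on the entry; "search" means ldap_search() itself reported the failure.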

