LDAP search failed

Hatim CHIKHI hatim.networking at gmail.com
Mon Jul 6 17:10:20 CEST 2015


> myserver:389
>   [ldap] waiting for bind result ...
>   [ldap] Bind was successful
>   [ldap] performing search in dc=3Dad,dc=3D****,dc=3Dfr, with filter
> sAMAccountName=3Dhatim
>   [ldap] rebind to URL ldap://*****
>   [ldap] rebind to URL ldap://*****
>   [ldap] rebind to URL ldap://*****
> [ldap] no uid attribute - access denied by default

>Active Directory has no uid by default. The schema needs to be extended to
provide it. And most provisioning software does not populate it even if it
exists.

So this was the problem, I changed the value uid and set "sAMAccountName"
and now it works.
Thank you guys for you help.


I have an other question, the ldap search is taking too much time, more
than 10 seconds.
I don't know if there is a way to speed up the search??


Thanks!

2015-07-06 16:10 GMT+02:00 Hatim CHIKHI <hatim.networking at gmail.com>:

> > myserver:389
> >   [ldap] waiting for bind result ...
> >   [ldap] Bind was successful
> >   [ldap] performing search in dc=3Dad,dc=3D****,dc=3Dfr, with filter
> > sAMAccountName=3Dhatim
> >   [ldap] rebind to URL ldap://*****
> >   [ldap] rebind to URL ldap://*****
> >   [ldap] rebind to URL ldap://*****
> > [ldap] no uid attribute - access denied by default
>
> >Active Directory has no uid by default. The schema needs to be extended
> to provide it. And most provisioning software does not populate it even if
> it exists.
>
> So this was the problem, I changed the value uid and set "sAMAccountName"
> and now it works.
> Thank you guys for you help.
>
>
> I have an other question, the ldap search is taking too much time, more
> than 10 seconds.
> I don't know if there is a way to speed up the search??
>
>
> Thanks!
>
> 2015-07-03 18:05 GMT+02:00 Hatim CHIKHI <hatim.networking at gmail.com>:
>
>>
>>   >When FreeRADIUS does the search for the user, it gets nothing.
>>   >
>>   > Perhaps because the search string is broken?
>>
>> But I get a result when I issue the search with ldapsearch
>>
>>
>>   >That doesn't look right.  Where does that string come from?
>> The 3D is added by gmail so it's not a problem
>>
>>
>>
>> 2015-07-03 15:25 GMT+02:00 Alan DeKok-2 [via FreeRADIUS] <
>> ml-node+s1045715n5735114h65 at n5.nabble.com>:
>>
>>> On Jul 3, 2015, at 7:01 AM, Hatim CHIKHI <[hidden email]
>>> <http:///user/SendEmail.jtp?type=node&node=5735114&i=0>> wrote:
>>> > When I issue an ldap search I get many information about the user I'm
>>> > looking for but I'm not sure if the search is successful:
>>>
>>>   When FreeRADIUS does the search for the user, it gets nothing.
>>>
>>>   Perhaps because the search string is broken?
>>>
>>> > In the radius logs, this time I'm getting this error:
>>> >
>>> > [ldap] performing user authorization for hatim
>>> > [ldap]  expand: sAMAccountName=3D%{User-Name} ->
>>> sAMAccountName=3Dhatim
>>> > [ldap]  expand: dc=3Dad,dc=3D****,dc=3Dfr -> dc=3Dad,dc=3D****,dc=3Dfr
>>>
>>>   That doesn't look right.  Where does that string come from?
>>>
>>>   Alan DeKok.
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>> ------------------------------
>>>  If you reply to this email, your message will be added to the
>>> discussion below:
>>>
>>> http://freeradius.1045715.n5.nabble.com/LDAP-search-failed-tp5735079p5735114.html
>>>  To unsubscribe from FreeRADIUS, click here
>>> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=2740692&code=aGF0aW0ubmV0d29ya2luZ0BnbWFpbC5jb218Mjc0MDY5MnwxNzU1NTY4NDU2>
>>> .
>>> NAML
>>> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>>
>>
>>
>


More information about the Freeradius-Users mailing list