ldap configuration & the mysterious filter ="(uid=%u)"

Alan DeKok aland at deployingradius.com
Tue Feb 9 20:09:21 CET 2016

On Feb 9, 2016, at 1:40 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> I've been searching for an answer this issue on a new install of freeradius
> on CentOS 7, installed from RPMs. As far as I can see, what I enter for the
> ldap filter is not being used by the server, but I'm hopeful I've missed
> some detail in the configuration.

  It's not a new install.  You have configuration left over from an old version of FreeRADIUS.

  Or, you edited the configuration and broke it.

> Here' the key error in the output from radiusd -X.
> *(0) ERROR: ldap : (uid=%u)*
> *(0) ERROR: ldap :       ^ Invalid variable expansion*
> *(0)  ERROR: ldap : Unable to create filter*

  That's old syntax.  For v3, the default in mods-available/ldap is:

	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

  Please use the default configuration files.

  Alan DeKok.

More information about the Freeradius-Users mailing list