ldap configuration & the mysterious filter ="(uid=%u)"
Alan DeKok
aland at deployingradius.com
Tue Feb 9 21:13:32 CET 2016
On Feb 9, 2016, at 2:43 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> On this new install of freeradius I used the ldap config suggested by this
> page:
> http://wiki.freeradius.org/modules/rlm_ldap
That's for version 2. I'll edit it to make that more clear.
But in general, it's *really* not a good idea to just blow away the entire configuration, and replace it with an example from the documentation.
The point of the example configuration file is for you to *read it*, and make *minor changes*. See "man radiusd" for instructions.
Destroying the configuration is just... unhelpful.
> Note that on this page, as in my prior config, the listed entry for filter
> is *filter = "(uid=%{%{Stripped-User-Name}:**-%{User-Name}})"*
And that's what you should have used. It should also be a hint that running the *default* configuration works, and running a *butchered* configuration doesn't work.
> There seem to be some problems with this page, and some general gaps in
> documentation for enabling modules.. for example this search returns no
> results.
> http://wiki.freeradius.org/search?q=enable+module
Feel free to make suggestions.
But if you read raddb/mods-available/README.rst, you'll see that this *is* documented.
The main problem with most of the documentation is that people look everywhere else... but not where the documentation is located.
Alan DeKok.
More information about the Freeradius-Users
mailing list