ldap configuration & the mysterious filter ="(uid=%u)"

Walter Moore moorewr at eckerd.edu
Tue Feb 9 21:20:08 CET 2016


Ahem.

It's up to you how you choose to respond to users.

Does it make more sense to see why people who make good faith efforts to
follow your documentation are having problems and improve the product? Or
should you make negative assumptions, and blame and castigate them for
their efforts to follow installation instructions?

Regards,
Walter Moore

On Tue, Feb 9, 2016 at 3:13 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Feb 9, 2016, at 2:43 PM, Walter Moore <moorewr at eckerd.edu> wrote:
> > On this new install of freeradius I used the ldap config suggested by
> this
> > page:
> > http://wiki.freeradius.org/modules/rlm_ldap
>
>   That's for version 2.  I'll edit it to make that more clear.
>
>   But in general, it's *really* not a good idea to just blow away the
> entire configuration, and replace it with an example from the documentation.
>
>   The point of the example configuration file is for you to *read it*, and
> make *minor changes*.  See "man radiusd" for instructions.
>
>   Destroying the configuration is just... unhelpful.
>
> > Note that on this page, as in my prior config, the listed entry for
> filter
> > is  *filter = "(uid=%{%{Stripped-User-Name}:**-%{User-Name}})"*
>
>   And that's what you should have used.  It should also be a hint that
> running the *default* configuration works, and running a *butchered*
> configuration doesn't work.
>
> > There seem to be some problems with this page, and some general gaps in
> > documentation for enabling modules.. for example this search returns no
> > results.
> > http://wiki.freeradius.org/search?q=enable+module
>
>   Feel free to make suggestions.
>
>   But if you read raddb/mods-available/README.rst, you'll see that this
> *is* documented.
>
>   The main problem with most of the documentation is that people look
> everywhere else... but not where the documentation is located.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
+-----------------------------------------------------------------+
Walter R. Moore --  Sr. Systems Administrator, Eckerd College
moorewr at eckerd.edu --  http://home.eckerd.edu/~moorewr

"It was glorious to see -- if your heart were iron,
And you could keep from grieving at all the pain" - The Iliad (13.355)

I'm on twitter: http://twitter.com/moorewreckerd

***Reminder! ITS will never ask you to e-mail your password!***


More information about the Freeradius-Users mailing list