Freeradius 3 - eDirectory Problem
Bebbet van Dinges
bebbet at bebbet.nl
Tue May 17 15:38:47 CEST 2016
Hello Willy,
Yes, I gathered that much, only I'm not sure how to continue. I've tested
quite some different possible filters, but all seem to do exactly the
same, with the same 17** results. Have I overlooked something?
Kind regards,
Bebbet
On 17-5-2016 15:35, Willy Offermans wrote:
> Dear Bebbet,
>
> Your answer is already included in the debug information:
>
> ``specify a more restrictive base_dn, filter or scope''
>
> Your ``ldap'' server returns more than 1 result upon request. This is not
> expected.
>
>
> On Tue, May 17, 2016 at 03:20:12PM +0200, Bebbet van Dinges wrote:
>> Hello,
>>
>> I'm trying to authorize/authenticate my wifi users against edirectory
>> with Freeradius3, which doesn't work. It worked with this configuration
>> in 2.2, but doesn't seem to provide the required result anymore.
>>
>> I hope you can give me some pointers where to look next.
>>
>> Yours sincerely,
>> Bebbet
>>
>>
>> from raddebug:
>>
>> (74) Tue May 17 12:19:27 2016: Debug: openldap: Performing unfiltered
>> search in "", scope "sub"
>> (74) Tue May 17 12:19:27 2016: Debug: openldap: Waiting for search result...
>> (74) Tue May 17 12:19:30 2016: ERROR: openldap: Ambiguous search result,
>> returned 1723 unsorted entries (should return 1 or 0). Enable sorting,
>> or specify a more restrictive base_dn, filter or scope
>> (74) Tue May 17 12:19:30 2016: ERROR: openldap: The following entries
>> were returned:
>>
>>
>> [All the records in our directory]
>>
>>
>> /usr/loca/pf/raddb/modules-enabled/ldap:
>>
>> ldap openldap {
>> server = "dns3.desaad.nl"
>> port = 636
>> identity = "cn=admin,o=desaad"
>> password = "You wish.."
>> basedn = "o=desaad"
>> # filter = "(cn=%{mschap:User-Name})"
>> filter = "(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))"
>> ldap_connections_number = 5
>> timeout = 4
>> timelimit = 3
>> net_timeout = 1
>>
>>
>> access_attr = cn
>> password_attribute = nspmPassword
>>
>>
>> tls {
>> start_tls = no
>> require_cert = "allow"
>> }
>> dictionary_mapping = ${confdir}/ldap.attrmap
>> edir_account_policy_check = yes
>>
>> keepalive {
>> # LDAP_OPT_X_KEEPALIVE_IDLE
>> idle = 60
>>
>> # LDAP_OPT_X_KEEPALIVE_PROBES
>> probes = 3
>>
>> # LDAP_OPT_X_KEEPALIVE_INTERVAL
>> interval = 3
>> }
>> }
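An added example, not part of the original thread or of either poster's configuration: the search settings from the quoted module written in the FreeRADIUS 3 `ldap` module layout, where the base DN key is `base_dn` and the user filter sits in a `user { }` subsection. It assumes the 2.x-style `basedn` and top-level `filter` keys are why the debug output shows an unfiltered search in `""`; the password is a placeholder.

```conf
ldap openldap {
	server = "dns3.desaad.nl"
	port = 636
	identity = "cn=admin,o=desaad"
	password = "REPLACE_ME"        # placeholder, not a real value

	# FreeRADIUS 3 key name. The 2.x spelling "basedn" does not set this,
	# which would leave the search base empty ("").
	base_dn = "o=desaad"

	# In FreeRADIUS 3 the user lookup is configured in its own subsection.
	user {
		# Inherit the module-level base DN; narrow it to the container
		# that holds the user objects if one exists.
		base_dn = "${..base_dn}"

		# Must match exactly one entry per login name. The nested
		# expansion %{%{A}:-%{B}} is the 3.x form of "A, else B".
		filter = "(&(objectClass=inetOrgPerson)(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"

		scope = "sub"
	}
}
```

After a change like this, the debug line to look for is a search that names the filter and `o=desaad` as the base rather than "unfiltered search in """, and a single returned entry.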