LDAP filter

Andrés Gómez andres.gomez.ruiz at gmail.com
Sun Sep 17 02:51:23 CEST 2017

Hi friends!!

In the company where I work, we have a wireless controller which is
authenitcating with a LDAP server using this configuration:

IP address:
LDAP Base DN = "plataform.example.com.co"
Admin DN= "cn=roam,dc=example,dc=com,dc=co"
Admin password =  12345
Key attribute = uid
SearchFilter= "userType=managment"

With that configuration the people from managment department can login in
the wireless network.

I can change to SearchFilter= "userType=guest", so the people from
managment department can not login, but guest people can do it.

No we need to use a FreeRadius server to set a new wireless controller that
can't use LDAP authentication. So, I installed freeradius-ldap package, and
I enabled the module. This is my ldap file:

ldap {

        server = "plataform.example.com.co"
        identity = "cn=roam,dc=example,dc=com,dc=co"
        password = 12345
        basedn = "dc=example,dc=com,dc=co"
        ldap_connections_number = 5

I enabled LDAP module, and reloaded the freeradius configuration and every
works great :D  I can autheniticate using freeradius and Ldap server.

But the issue is: with that setting people from managment department and
guest people can logging in the wireless network, both of them. That is a
problem for me, I need to apply the same Filter that the previous wirless
controller had enabled ( Key attribute = uid and SearchFilter=
I have tried using these attibutes in ldap config file:
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"

I have tried many combinations but I cant' do it work.

Can you give me any advice about how can I configure the freeradius-ldap
module in order to do that filter?

Thanks in advance!!!


More information about the Freeradius-Users mailing list