Problem with LDAP queries
aland at deployingradius.com
Mon Sep 9 15:30:07 CEST 2019
On Sep 7, 2019, at 5:57 PM, edson luiz <xxicx at hotmail.com> wrote:
> I currently have a FreeRADIUS + LDAP server and I'm having a big problem: authentication works inconsistently, even for valid users with correct credentials. There are times when the user authenticates and times when it does not, and this error is displayed:
> (11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to ldap: //X.X.X.X failed: Other (e.g., implementation specific) error
That's unhelpful. This error comes directly from LDAP, so there isn't much that we can do about it.
> (11) ldap: ERROR: Server said: Failure authenticating with password.
> The curious thing is that the problem only occurs in the authentication phase. I captured and analyzed the traffic of the queries and, strangely, the information is incorrect: it uses information from another user (one of the last connections), mixing everything. I think this is the problem, but I don't know what is causing it.
The server doesn't do that. For the simple reason that each request is processed in isolation. There's no way for one request to get the information of another request.
LDAP connections are re-used for performance, but that can't cause this issue. The LDAP connections *only* do queries using the admin name/password supplied in the configuration. If FreeRADIUS does a "bind as user" with a connection, then it closes the connection. This prevents cross-contamination of user credentials.
But one connection *will* do queries for multiple users. That's by design, and it's documented as doing that.
If you really want to see what's going on, then post the debug output.
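As an added example (not part of the original message and not FreeRADIUS code), the following Python sketch groups debug lines by their `(N)` request number and flags any request whose failed bind DN names a different `uid` than that request's `User-Name`. The `User-Name` line shape, the sample users `alice` and `bob`, and the rule that the DN's first RDN is `uid=<User-Name>` are assumptions; the request 11 line is the one quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample debug output. Only the request 11 bind line is taken from
# the thread; request 12 is deliberately mismatched to exercise the check.
SAMPLE_DEBUG = """\
(10)   User-Name = "alice"
(11)   User-Name = "test"
(10) ldap: ERROR: Bind with uid=alice,ou=wifi,dc=test,dc=org to ldap://X.X.X.X failed: Other
(11) ldap: ERROR: Bind with uid = test, or = wifi, dc = test, dc = org to ldap: //X.X.X.X failed: Other
(12)   User-Name = "bob"
(12) ldap: ERROR: Bind with uid=alice,ou=wifi,dc=test,dc=org to ldap://X.X.X.X failed: Other
"""

REQ = re.compile(r'^\((\d+)\)\s+(.*)$')             # "(N) rest of line"
USER = re.compile(r'^User-Name\s*=\s*"([^"]*)"')    # assumed attribute line shape
BIND = re.compile(r'^ldap: ERROR: Bind with (.+?) to ldap:\s*//\S+ failed')
UID = re.compile(r'^\s*uid\s*=\s*([^,]+?)\s*(?:,|$)', re.I)  # first RDN of the DN

def group_by_request(text):
    """Collect the User-Name and failed bind DNs seen for each request number."""
    reqs = defaultdict(lambda: {"user": None, "bind_dns": []})
    for line in text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # not a per-request line
        num, rest = int(m.group(1)), m.group(2)
        user = USER.match(rest)
        bind = BIND.match(rest)
        if user:
            reqs[num]["user"] = user.group(1)
        elif bind:
            reqs[num]["bind_dns"].append(bind.group(1))
    return dict(reqs)

def mismatched_binds(text):
    """Return (request, User-Name, bind DN) where the DN's uid differs from User-Name."""
    findings = []
    for num, req in sorted(group_by_request(text).items()):
        for dn in req["bind_dns"]:
            m = UID.match(dn)
            uid = m.group(1) if m else None
            if req["user"] is not None and uid != req["user"]:
                findings.append((num, req["user"], dn))
    return findings

if __name__ == "__main__":
    print(mismatched_binds(SAMPLE_DEBUG))
```

Requests 10 and 11 sit next to each other in the sample yet are consistent once grouped by request number; only the constructed request 12 is reported.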