rlm_ldap fails but ldapsearch works
Alan DeKok
aland at deployingradius.com
Sat Aug 1 15:57:35 CEST 2020
On Jul 29, 2020, at 12:24 PM, Victor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hello,
>
> I'm trying to check whether a user belongs to a group or not:
> ...
> but
>
> ldapsearch -b "dc=domain,dc=local" "(&(cn=someusers)(member=uid\3dcommon_user\2ccn\3dusers\2ccn\3daccounts\2cdc\3ddomain\2cdc\3dlocal))" -D uid=common_user,cn=users,cn=accounts,dc=domain,dc=local -W
See mods-available/ldap in recent releases. It has detailed instructions for how to turn the FreeRADIUS configuration items into ldapsearch arguments.
There's no real magic here. If FR returns different data than ldapsearch, then the only cause is that the searches are different. i.e. search string, name/password used to search, etc.
Alan DeKok.
More information about the Freeradius-Users
mailing list