Access permissions FreeRadius-Google LDAP failed

Benjamin Diehl benjamin.diehl at foundationacademy.net
Tue Oct 5 14:44:11 CEST 2021


root at FreeRadius:~# LDAPTLS_CERT=/etc/freeradius/3.0/certs/ldap-client.crt LDAPTLS_KEY=/etc/freeradius/3.0/certs/ldap-client.key \ldapsearch -H ldaps://ldap.google.com:636 \ -b dc=foundationacademy,dc=net '(mail='benjamin.diehl at foundationacademy.net')'
SASL/EXTERNAL authentication started
SASL username: st=California,c=US,ou=GSuite,cn=LDAP Client,l=Mountain View,o=Google Inc.
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting:  -b dc=foundationacademy,dc=net (mail=benjamin.diehl at foundationacademy.net)
#

#
dn:

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


On Oct 5, 2021, 8:27 AM -0400, Matthew Newton <mcn at freeradius.org>, wrote:
>
> On 05/10/2021 13:16, Benjamin Diehl wrote:
> > rlm_ldap (ldap): Reserved connection (8)
> > (2) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> > (2) ldap: --> (uid=benjamin.diehl)
> > (2) ldap: Performing search in "dn=foundationacademy,dc=net" with filter "(uid=benjamin.diehl)", scope "sub"
> > (2) ldap: Waiting for search result...
> > (2) ldap: ERROR: Failed performing search: Insufficient access. Check the identity and password configuration directives
>
> Seems pretty clear.
>
> Check the exact same search works with ldapsearch. When it does, take
> the options that work there and put them into the FR config.
>
> --
> Matthew
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
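
Added example, not part of the original thread: a way to confirm that an ldapsearch test really is "the exact same search" that rlm_ldap ran. It reads the LDIF header comments ldapsearch prints and compares the base, scope and filter actually used with those in the rlm_ldap debug line. The function names are hypothetical; the header lines and the rlm_ldap values are copied from the messages above (rlm_ldap scope "sub" is printed by ldapsearch as "subtree").

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from FreeRADIUS or OpenLDAP).

# Print "base|scope|filter" from the LDIF header comments ldapsearch writes.
effective_search() {
    awk '
        /^# base </ {
            base = $0
            sub(/^# base </, "", base)   # drop the prefix up to "<"
            sub(/>.*$/, "", base)        # drop ">" and the rest; "<>" leaves ""
            scope = $NF                  # last word: subtree, oneLevel, ...
        }
        /^# filter: / { filter = substr($0, 11) }
        END { printf "%s|%s|%s\n", base, scope, filter }
    '
}

# Header lines exactly as they appear in the ldapsearch output posted above.
post_header() {
    cat <<'EOF'
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting:  -b dc=foundationacademy,dc=net (mail=benjamin.diehl at foundationacademy.net)
#
EOF
}

# Read ldapsearch output on stdin; return 0 only if it used the expected
# base ($1), scope ($2) and filter ($3), otherwise show both and return 1.
same_search() {
    got=$(effective_search)
    want="$1|$2|$3"
    if [ "$got" = "$want" ]; then
        echo "match: $got"
        return 0
    fi
    echo "ldapsearch ran: $got"
    echo "rlm_ldap ran:   $want"
    return 1
}

# Values taken from the rlm_ldap debug line quoted above.
post_header | same_search "dn=foundationacademy,dc=net" subtree "(uid=benjamin.diehl)" \
    || echo "result: not the same search, so it says nothing about the rlm_ldap error"
```

An empty base and the default filter in the header mean the -b value and the filter were not parsed as such; the "requesting:" line shows them taken as attribute names instead.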

