Re: AW: Attributes Missing - Auth with ldap

Posted 04-20-2005 by Dustin Doris

On Wed, 20 Apr 2005, Andre Herkenrath wrote:

> Hi,
> I looked at a few things:
>
> 1. the authorize section contains "ldap"
> 2. I bind with an existing user
> 3. I want to return "Filter-Id" and this is in the "ldap.attrmap"
>
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 170.56.185.59:389, authentication 0
> rlm_ldap: bind as cn=B_LDAP,o=FKEL/ to 170.56.185.59:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter
> (uid=herkenra)
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: performing user authorization for herkenra
> radius_xlat: '(uid=herkenra)'
> radius_xlat: 'OU=Abteilungen,O=FKEL'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter
> (uid=herkenra)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user herkenra authorized to use remote access


**Nothing was found for reply items.

> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0



You need to make sure that your ldap.attrmap is correct, the entry in ldap
is correct, and the user you are searching with has permissions to read
that value.

For ldap.attrmap, remember you match a radius attribute to an ldap
attribute.

replyItem Filter-Id radiusFilterId

So you should have an entry in your directory with radiusFilterid.

dn: uid=...
somestuff...
radiusFilterid: "some string"

Try it with the command line.

$ ldapsearch -x -D cn=B_LDAP,o=FKEL -w yourpassword \
    -b "OU=Abteilungen,O=FKEL" uid=herkenra

Does that return the radiusFilterid?



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
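
The check described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it reads an ldap.attrmap and the LDIF that ldapsearch prints when run as the bind user, and lists which replyItem mappings have no value in the entry. The sample attrmap and LDIF are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample inputs (placeholders, not taken from a real directory).
SAMPLE_ATTRMAP = """\
checkItem  User-Password      userPassword
replyItem  Filter-Id          radiusFilterId
replyItem  Framed-IP-Address  radiusFramedIPAddress
"""
SAMPLE_LDIF = """\
dn: uid=herkenra,OU=Abteilungen,O=FKEL
uid: herkenra
radiusFilterid: staff-filter
"""

def parse_attrmap(text):
    """Return (item_type, radius_attr, ldap_attr) rows, skipping blanks and # comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in ("checkItem", "replyItem"):
            rows.append((fields[0], fields[1], fields[2]))
    return rows

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]            # LDIF continuation line
        elif line and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if value.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        if sep:
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def reply_items(attrmap_text, ldif_text):
    """Return (found, missing) for the replyItem mappings against one entry."""
    entry = parse_ldif_entry(ldif_text)
    found, missing = {}, []
    for item_type, radius_attr, ldap_attr in parse_attrmap(attrmap_text):
        values = entry.get(ldap_attr.lower())   # LDAP attribute names are case-insensitive
        if item_type == "replyItem" and values:
            found[radius_attr] = values
        elif item_type == "replyItem":          # absent from the entry, or not readable by the bind DN
            missing.append((radius_attr, ldap_attr))
    return found, missing
```

A mapping reported as missing when the LDIF was fetched with the module's own bind DN points at either the directory entry or that account's read permissions, which are the last two checks the reply lists.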