AW: AW: Attributes Missing - Auth with ldap

04-20-2005
Andre Herkenrath

Hi,

I did the ldapsearch and here is the output:

herkenra
# extended LDIF
#
# LDAPv3
# base <OU=Abteilungen,O=FKEL,> with scope sub
# filter: uid=herkenra
# requesting: ALL
#

# search result
search: 2
result: 80 Internal (implementation specific) error
text: NDS error: no referrals (-634)

# numResponses: 1

It seems that the Novell 6.0 LDAP isn't working as expected!

I tried this on the Novell 6.5 Server I use for testing and got this
result:
# extended LDIF
#
# LDAPv3
# base <o=MH> with scope sub
# filter: uid=andre
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

With the Novell 6.5, I could append the attribute that I defined in the
"users" file without putting anything in the user directory.

Do you have any ideas?

Is there a possibility to give these attributes without the exact LDAP
result?

Regards, André

-----Original Message-----
From: Dustin Doris [mailto:freeradius@mail.doris.cc]
Sent: Wednesday, 20 April 2005 16:41
To: freeradius-users@lists.freeradius.org
Subject: Re: AW: Attributes Missing - Auth with ldap

On Wed, 20 Apr 2005, Andre Herkenrath wrote:

> Hi,
> I looked at a few things:
>
> 1. the authorize section contains "ldap"
> 2. I bind with an existing user
> 3. I want to return "Filter-Id" and this is in the "ldap.attrmap"
>
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 170.56.185.59:389, authentication 0
> rlm_ldap: bind as cn=B_LDAP,o=FKEL/ to 170.56.185.59:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter (uid=herkenra)
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: performing user authorization for herkenra
> radius_xlat: '(uid=herkenra)'
> radius_xlat: 'OU=Abteilungen,O=FKEL'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter (uid=herkenra)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user herkenra authorized to use remote access


**Nothing was found for reply items.

> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0



You need to make sure that your ldap.attrmap is correct, the entry in ldap
is correct, and the user you are searching with has permissions to read
that value.

For ldap.attrmap, remember you match a radius attribute to an ldap
attribute.

replyItem Filter-Id radiusFilterId

So you should have an entry in your directory with radiusFilterid.

dn: uid=...
somestuff...
radiusFilterid: "some string"

Try it with the command line.

$ ldapsearch -x -D cn=B_LDAP,o=FKEL -w yourpassword -b "OU=Abteilungen,O=FKEL," uid=herkenra

Does that return the radiusFilterid?



-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
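
The checks described in the reply above (the ldap.attrmap mapping, the attribute on the directory entry, and what the bind user can actually read) can be run offline against saved ldapsearch output. This is an added example, not part of the original thread or of FreeRADIUS; the sample map and LDIF are constructed and the function names are hypothetical.

```python
import re

# Constructed ldap.attrmap excerpt: <item type> <RADIUS attribute> <LDAP attribute>
ATTRMAP = """\
checkItem  Simultaneous-Use   radiusSimultaneousUse
replyItem  Filter-Id          radiusFilterId
replyItem  Framed-IP-Address  radiusFramedIPAddress
"""

# Constructed ldapsearch output for an entry that carries one mapped attribute.
LDIF_ENTRY = """\
dn: uid=andre,o=MH
uid: andre
radiusFilterid: staff-filter

# search result
search: 2
result: 0 Success
"""

# Constructed output of a search that succeeds but returns no entry at all.
LDIF_EMPTY = "# search result\nsearch: 2\nresult: 0 Success\n"

def parse_attrmap(text):
    """Return (item_type, radius_attr, ldap_attr) tuples, skipping comments."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] in ("checkItem", "replyItem"):
            rows.append(tuple(parts[:3]))
    return rows

def parse_ldif(text):
    """Return (result_code, attrs of first entry or None). Folded lines are not handled."""
    code, attrs, in_entry = None, None, False
    for line in text.splitlines():
        if line.lower().startswith("dn:") and attrs is None:
            attrs, in_entry = {}, True
        elif not line.strip():
            in_entry = False
        elif in_entry and ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(": "))
        elif (m := re.match(r"result:\s+(\d+)", line)):
            code = int(m.group(1))
    return code, attrs

def reply_items(attrmap_text, ldif_text):
    """Return (result_code, {RADIUS reply attr: readable values}), or (code, None) if no entry."""
    code, attrs = parse_ldif(ldif_text)
    if code != 0 or attrs is None:
        return code, None
    return code, {radius: attrs.get(ldap.lower(), [])
                  for kind, radius, ldap in parse_attrmap(attrmap_text) if kind == "replyItem"}
```

An empty list for a mapped attribute means the entry lacks it or the bind user cannot read it. LDAP attribute names compare case-insensitively, so radiusFilterid in the directory matches radiusFilterId in the map.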





