Re: variable problem

Kenneth Grady Tue, 15 Feb 2005 13:43:14 -0800

my apologies I answered before reading the question. It looks like there
is a character that is terminating the search
in radiusd.my.modules
        ldap uid_check {
                server = "ldap"
                ...
                access_attr = "uid"
                
filter="(&(objectClass=posixAccount)(description=remote)(uid=%{Stripped-User-Name:-%{User-Name}}))"
...



output from radiusd -X
...
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: Looking up realm "lanl.gov" for User-Name =
"[EMAIL PROTECTED]"
    rlm_realm: Found realm "lanl.gov"
    rlm_realm: Adding Stripped-User-Name = "klg"
...
radius_xlat: 
'(&(objectClass=posixAccount)(description=remote)(uid=klg))'

On Tue, 2005-02-15 at 11:22, Mike Sturdee wrote:
> In part of my ldap config section, I obtain the gid with an ldap lookup, 
> then use my ${gid} variable in the groupmembership_filter. Up until 
> recently I had simply been using %{User-Name}, but now have the need to 
> use the check for Stripped-User-Name before using User-Name. That works in 
> everywhere but my gid ldap lookup. I included my groupmembership_filter 
> line just to show the context of the ${gid} use.
> 
> Any pointers to what I may need to do differently is appreciated.
> 
> ------------------------------------------------------
> 
> FreeRADIUS Version 1.1.0-pre0, for host i386-unknown-freebsd5.3, built on 
> Dec 17 2004 at 12:56:19
> 
> ------------------------------------------------------
> # radiusd.conf
> 
> gid =  %{ldap1:ldap:///dc=domain,dc=com?gidNumber?sub?\
> (&(uid=%{Stripped-User-Name:-%{User-Name}})(objectClass=%{Realm}))}
> 
> groupname_attribute = cn
> groupmembership_filter = 
> "(&(objectClass=posixGroup)(|(gidNumber=${gid})(memberUid=%{Stripped-User-Name:-%{User-Name}})))"
> 
> ------------------------------------------------------
> # debugging output
> 
> --snip--
> 
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat:  'dc=domain,dc=com'
> radius_xlat: Running registered xlat function of module ldap1 for string 
> 'ldap:///dc=domain,dc=com?gidNumber?sub?(&(uid=%{Stripped-User-Name'
> rlm_ldap: - ldap_xlat
> radius_xlat:  'ldap:///dc=domain,dc=com?gidNumber?sub?(&(uid=mike'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=domain,dc=com, with filter 
> (&(uid=mike
> rlm_ldap: ldap_search() failed: Bad search filter: (&(uid=mike
> rlm_ldap: Search returned error
> 
> --snip--
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: variable problem

Reply via email to