Looks like your syntax is wrong. Why don't you have parentheses around "sAMAccountName userAccountControl"? You are also missing an "=" between the two words.
Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817

> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] On
> >Behalf Of Norbert Wegener
> >Sent: December 7, 2005 12:30 PM
> >To: FreeRadius users mailing list
> >Subject: rlm_ldap: ldap_search() failed: Bad search filter:
> >
> >I am still trying to let freeradius query AD, but not yet
> >too successful.
> >
> >Using the following vars with ldapsearch, gives me the
> >desired result, as shown below, but fails with rlm_ldap.
> >##########################################
> >server="mchm967a.tww006.sitest.net "
> >port=3268
> >identity="[EMAIL PROTECTED] "
> >mypass="mypass"
> >basedn="dc=TDE002,dc=SITEST,dc=NET"
> >filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
> >sAMAccountName userAccountControl"
> >#########################################
> >ldapsearch -x -h $server -p $port -b $basedn $filter -D
> >$identity -w $mypass -x
> >
> ># extended LDIF
> >#
> ># LDAPv3
> ># base <dc=TDE002,dc=SITEST,dc=NET> with scope sub # filter:
> >(&(sAMAccountName=28TEF003$)(objectclass=computer))
> ># requesting: sAMAccountName userAccountControl #
> >
> ># 28TEF003, CAT-Computers, OU16, MchP, tde002.sitest.net
> >dn:
> >CN=28TEF003,OU=CAT-Computers,OU=OU16,OU=MchP,DC=tde002,DC=sit
> >est,DC=net
> >userAccountControl: 4096
> >sAMAccountName: 28TEF003$
> >
> ># search result
> >search: 2
> >result: 0 Success
> >
> ># numResponses: 2
> ># numEntries: 1
> >##################################################
> >So far, so good.
> >When I take the same vars in radiusd.conf, I get:
> >rlm_ldap: ldap_search() failed: Bad search filter
> >radiusd.conf:
> >
> >
> > ldap ldap1 {
> >server="mchm967a.tww006.sitest.net "
> >port=3268
> >identity="[EMAIL PROTECTED] "
> >mypass="mypass"
> >basedn="dc=TDE002,dc=SITEST,dc=NET"
> >filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
> >sAMAccountName userAccountControl"
> > ldap_debug= 0xFFFF
> > ldap_connections_number = 5
> > timeout = 40
> > timelimit = 30
> > net_timeout = 10
> > tls {
> > }
> > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > }
> >
> >rlm_ldap: Bind was successful^M
> >rlm_ldap: performing search in dc=TDE002,dc=SITEST,dc=NET,
> >with filter
> >(&(sAMAccountName=28TEF003$)(objectclass=computer))
> >sAMAccountName userAccountControl^M
> >ldap_search^M
> >put_filter: "(&(sAMAccountName=28TEF003$)(objectclass=computer))
> >sAMAccountName userAccountControl"^M
> >put_filter: AND^M
> >put_filter_list "(sAMAccountName=28TEF003$)(objectclass=computer)"^M
> >put_filter: "(sAMAccountName=28TEF003$)"^M
> >put_filter: simple^M
> >put_simple_filter: "sAMAccountName=28TEF003$"^M
> >put_filter: "(objectclass=computer)"^M
> >put_filter: simple^M
> >put_simple_filter: "objectclass=computer"^M
> >put_filter: default^M
> >put_simple_filter: "sAMAccountName userAccountControl"^M
> >rlm_ldap: ldap_search() failed: Bad search filter:
> >(&(sAMAccountName=28TEF003$)(objectclass=computer))
> >sAMAccountName userAccountControl^M
> >ldap_msgfree^M
> >rlm_ldap: search failed^M
> >
> >What am I doing wrong?
> >Thanks
> >Norbert Wegener
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
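
Added example, not part of the thread: the quoted ldapsearch output reports the filter and the requested attributes (`sAMAccountName userAccountControl`) separately, while the rlm_ldap debug log shows the whole string reaching the filter parser. The sketch below checks both readings of the posted value; it assumes a simplified RFC 4515 grammar, and all function names are hypothetical.

```python
# Added example (not from the thread). Simplified RFC 4515 check: no escape
# handling, no extensible-match rules. All function names are hypothetical.

# The value posted in the thread, with the mail client's line wrap joined.
POSTED = ("(&(sAMAccountName=28TEF003$)(objectclass=computer)) "
          "sAMAccountName userAccountControl")

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):            # AND / OR: a list of sub-filters
        i += 1
        if s[i:i + 1] != "(":
            raise ValueError(f"empty filter list at offset {i}")
        while s[i:i + 1] == "(":
            i = _parse(s, i)
    elif s[i:i + 1] == "!":                 # NOT: exactly one sub-filter
        i = _parse(s, i + 1)
    else:                                   # simple item: attr=value
        end = s.find(")", i)
        if end == -1:
            raise ValueError("unterminated filter item")
        attr, sep, _value = s[i:end].partition("=")
        if not sep or not attr or " " in attr:
            raise ValueError(f"not an attr=value item: {s[i:end]!r}")
        i = end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def filter_error(s):
    """Return None if s is exactly one well-formed filter, else a reason string."""
    try:
        end = _parse(s, 0)
    except ValueError as exc:
        return str(exc)
    if s[end:].strip():
        return f"trailing text after filter: {s[end:].strip()!r}"
    return None

def split_like_unquoted_shell_var(s):
    """Mimic shell word-splitting of an unquoted $filter on the ldapsearch
    command line: the first word is the filter, the rest are attribute names."""
    words = s.split()
    return words[0], words[1:]

if __name__ == "__main__":
    print("as one filter string:", filter_error(POSTED))
    flt, attrs = split_like_unquoted_shell_var(POSTED)
    print("filter argument:", flt, "->", filter_error(flt))
    print("attribute arguments:", attrs)
```

Only the first word is a well-formed filter; the attribute names are a separate ldapsearch argument and do not belong in the rlm_ldap `filter` value.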

