Alhagie Puye wrote:

Looks like your syntax is wrong
The error message lets me assume it is so, yes.
The parentheses did not change anything.
I want to extract sAMAccountName userAccountControl from the AD and do not want to compare them. As mentioned, it works with ldapsearch and I wonder where there are the differences to rlm_ldap.
Norbert

Why don't you have parentheses around "sAMAccountName
userAccountControl"? You are also missing an "=" between the two words.


Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Norbert Wegener
Sent: December 7, 2005 12:30 PM
To: FreeRadius users mailing list
Subject: rlm_ldap: ldap_search() failed: Bad search filter

I am still trying to let freeradius query AD, but not yet too successful.

Using the following vars with ldapsearch, gives me the desired result, as shown below, but fails with rlm_ldap.
##########################################
server="mchm967a.tww006.sitest.net "
port=3268
identity="[EMAIL PROTECTED] "
mypass="mypass"
basedn="dc=TDE002,dc=SITEST,dc=NET"
filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"
#########################################
ldapsearch -x -h $server -p $port -b $basedn $filter -D $identity -w $mypass -x

# extended LDIF
#
# LDAPv3
# base <dc=TDE002,dc=SITEST,dc=NET> with scope sub
# filter: (&(sAMAccountName=28TEF003$)(objectclass=computer))
# requesting: sAMAccountName userAccountControl
#

# 28TEF003, CAT-Computers, OU16, MchP, tde002.sitest.net
dn: CN=28TEF003,OU=CAT-Computers,OU=OU16,OU=MchP,DC=tde002,DC=sit
est,DC=net
userAccountControl: 4096
sAMAccountName: 28TEF003$

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
##################################################
So far, so good.
When I take the same vars in  radiusd.conf, I get:
rlm_ldap: ldap_search() failed: Bad search filter
radiusd.conf:


ldap ldap1 {
server="mchm967a.tww006.sitest.net "
port=3268
identity="[EMAIL PROTECTED] "
mypass="mypass"
basedn="dc=TDE002,dc=SITEST,dc=NET"
filter="(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"
              ldap_debug= 0xFFFF
              ldap_connections_number = 5
              timeout = 40
              timelimit = 30
              net_timeout = 10
              tls {
              }
              dictionary_mapping = ${raddbdir}/ldap.attrmap
      }

rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=TDE002,dc=SITEST,dc=NET, with filter (&(sAMAccountName=28TEF003$)(objectclass=computer)) sAMAccountName userAccountControl
ldap_search
put_filter: "(&(sAMAccountName=28TEF003$)(objectclass=computer))
sAMAccountName userAccountControl"
put_filter: AND
put_filter_list "(sAMAccountName=28TEF003$)(objectclass=computer)"
put_filter: "(sAMAccountName=28TEF003$)"
put_filter: simple
put_simple_filter: "sAMAccountName=28TEF003$"
put_filter: "(objectclass=computer)"
put_filter: simple
put_simple_filter: "objectclass=computer"
put_filter: default
put_simple_filter: "sAMAccountName userAccountControl"
rlm_ldap: ldap_search() failed: Bad search filter: (&(sAMAccountName=28TEF003$)(objectclass=computer)) sAMAccountName userAccountControl
ldap_msgfree
rlm_ldap: search failed

What am I doing wrong?
Thanks
Norbert Wegener


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
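
An added example, not code from the thread or from FreeRADIUS: the ldapsearch output above reports the two names after the filter as requested attributes ("# requesting: ..."), while the rlm_ldap debug output shows the same string passed whole to the filter parser, which stops at `put_simple_filter: "sAMAccountName userAccountControl"`. The sketch below splits such a string into the filter expression and the trailing attribute names and reports why the whole string is not a filter on its own; the helper names are hypothetical and the sample value is constructed from the one posted.

```python
import re

# Added example: helper names are hypothetical, not FreeRADIUS or OpenLDAP APIs.

# Constructed sample: the value posted in the thread, joined onto one line.
POSTED = ("(&(sAMAccountName=28TEF003$)(objectclass=computer)) "
          "sAMAccountName userAccountControl")


def split_filter(value):
    """Split 'filter attr attr ...' into (filter, [attrs])."""
    value = value.strip()
    if not value.startswith("("):
        raise ValueError("filter must start with '('")
    depth, i = 0, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":  # RFC 4515 escape: backslash plus two hex digits
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:  # end of the outermost expression
                return value[:i + 1], value[i + 1:].split()
        i += 1
    raise ValueError("unbalanced parentheses in filter")


def check_filter_only(value):
    """List the reasons a value cannot be used as a lone search filter."""
    try:
        flt, trailing = split_filter(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if trailing:
        problems.append("trailing text after filter: " + " ".join(trailing))
    # Innermost items must look like attribute<op>value, e.g. (cn=x).
    for item in re.findall(r"\(([^()]*)\)", flt):
        attr, sep, _ = item.partition("=")
        if not sep or not attr.strip():
            problems.append("item without attribute=value: (" + item + ")")
    return problems


if __name__ == "__main__":
    print(split_filter(POSTED))
    print(check_filter_only(POSTED))
```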


