I think you need to use Ldap-Group instead of myldap-Ldap-Group, or do you use do_xlat?

Markus

  "cxu" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
  Background:

  When a user associates with the SSID Guest, the user will authenticate against a FreeRadius server.  If he has a university account, the FreeRadius server will authenticate him via LDAP.  If he does not have a university account, the FreeRadius server will do the authentication with a guest account database.

  Goal:

  To reduce the chance of doing the LDAP search, the LDAP-group search is successful if the user is in the LDAP, no matter which LDAP group he is in.

  My shot and the problem:

  I am trying to do a wildcard search in the LDAP-Group search, but it looks like the wildcard does not work.

  Related entries in the file users,

  <omitted>

  DEFAULT Called-Station-Id =~ ".*Guest", myldap-Ldap-Group == "*", Autz-Type := Ldap1, Auth-Type := Ldap1

  DEFAULT Called-Station-Id =~ ".*Guest", Group == "guest", Autz-Type := Web, Auth-Type := System

  <omitted>

  Debug output,

  <output omitted>
  rlm_ldap: performing search in ou=people,dc=myuniv,dc=ca, with filter (&(cn=*)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
  <output omitted>
  rlm_ldap::groupcmp: Group * not found or user not a member
  rlm_ldap: ldap_release_conn: Release Id: 0
  ++[files] returns noop
  rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  ++[pap] returns noop
  auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
  auth: Failed to validate the user.
  Login incorrect: [cxu] (from client localhost port 0)
  Delaying reject of request 0 for 1 seconds
  Going to the next request
  Waking up in 0.9 seconds.
  Sending delayed reject for request 0

  Questions:

    1. Is there any way to make the wildcard LDAP-group search work?
    2. Could unlang be applied here, and how?
    3. Any advice?

  Thanks!

  Andrew

------------------------------------------------------------------------------


  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html