Hi Ivan,

> > The second question.
> >
> > If I put, ONLY FOR CHECK, the base_filter =
> > "(uniquemember=cn=nicolas.velazq...@uam.es,cn=users,dc=uam,dc=es)" the LDAP
> > replies with No Such Object. But the radius authorization sends ok.
> > The misconfiguration of LDAP is not the question here.
> > The question here is: documentation says if the parameter does not exist the
> > authorization doesn't work.
>
> It exists so it does work:

I don't understand anything. I have the tcpdump file to see the transaction. I see all the conversation: first the admin_user bind to perform the authorization, and in the second phase I see the bind of the user to check the authentication.

But the answer to the authorize module from LDAP, as I can see it using Wireshark, is:

    LDAPMessage searchResDone (3) noSuchObject [0results]
        messageID: 3
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: noSuchObject (32)
                matchedDN: cn=Groups, dc=uam,dc=es

The LDAP server doesn't answer uniquemember=cn=nicolas.velazq...@uam.es,cn=users,dc=uam,dc=es OK or Object OK or a similar acceptance message (I'm not the LDAP guru in my org, as you can see).

Is FR using the matchedDN parameter? I used "cn" as access_atr. It could be an explanation, and then I must build a better access_atr. Please confirm this question for me.

And the initial question about the expansion of run-time variables? Is the UNexpand of the base_filter the normal way of operation? I have read all the wiki and server documentation I found about run-time variables, operators, etc. and I haven't seen anything about this issue. And the changelog doc doesn't mention any bug fix about this question from 2.1.4 to 2.1.7.

Anyway, thank you very much Ivan.

Nicolas

Nicolás Velazquez Campoy
Unidad Técnica de Comunicaciones
Tecnologías de la Información. UAM
http://rincon.uam.es/dir?cw=389407348632812