>> > If I put, ONLY FOR CHECK, the base_filter = >> > "(uniquemember=cn=nicolas.velazq...@uam.es,cn=users,dc=uam,dc=es)" >> the >> > LDAP >> > replies with No Such Object. But the radius authorization sends ok. >> > The misconfiguration of LDAP is not the question here. >> > The question here is: documentation says if the parameter not exists >> the >> > authorization doesn't work. >> >> It exists so it does work: > > Is FR using the matchedDN parameter? > I used "cn" as access_atr. > It could be an explanation an then I must build a better access_atr.
I don't know anything about ldap. Debug shows that freeradius found access attribute for that uid. I have no idea how, but it did. > And the initial question about the expand of runtime-variables? > The UNexpand of the base_filter is the normal way of operation? Yes, base_filter doesn't expand. I don't think that base_dn expands either. uid is the only one that's dynamic there. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html