Playing with ldapsearch I see that the search string that radiusd -X is reporting to use indeed does not work:

=====ldapsearch filter (from radiusd -X)
performing search in cn=accounts,dc=abc,dc=xyz, with filter (&(cn=newgroup)(&(objectclass=posixGroup)(memberUid=newuser)))
=====

Returns no entries. If I run ldap search with (&(cn=newgroup)(&(objectclass=posixGroup))) - removing the memberUid entry, it returns the entry for the group itself, so something is wrong with how I have the member uid configured.

=====ldapsearch filter (filter trimmed to group)
ldapsearch -x -b cn=accounts,dc=abc,dc=xyz "(&(cn=newgroup)(&(objectclass=posixGroup)))"
# extended LDIF
#
# LDAPv3
# base <cn=accounts,dc=abc,dc=xyz> with scope subtree
# filter: (&(cn=newgroup)(&(objectclass=posixGroup)))
# requesting: ALL
#

# newgroup, groups, accounts, abc.xyz
dn: cn=newgroup,cn=groups,cn=accounts,dc=abc,dc=xyz
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ldapsergroup
objectClass: ldapobject
objectClass: posixgroup
cn: newgroup
description: switch administrators
gidNumber: 895800006
ipaUniqueID: 5de42704-ab1d-11e1-8e07-525400579da7
member: uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
============

Any ideas?

Thanks.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Radius-authentication-against-LDAP-question-tp5713463p5713483.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
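The two searches in the message above, replayed offline as an added example (not part of the original post and not FreeRADIUS code): a small filter evaluator run against the returned group entry reports which clause the entry cannot satisfy. The `GROUP` dictionary is transcribed from the ldapsearch output, `BY_DN` is a filter constructed for comparison, and matching is simplified to case-insensitive string equality.

```python
# Added example: evaluates the equality/AND/OR subset of LDAP filters against
# the group entry from the post. Escapes such as \29 are not decoded.
# Entry transcribed from the ldapsearch output (attribute names lowercased).
GROUP = {
    "cn": ["newgroup"],
    "objectclass": ["top", "groupofnames", "nestedgroup", "ldapsergroup",
                    "ldapobject", "posixgroup"],
    "member": ["uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz"],
}
RADIUSD = "(&(cn=newgroup)(&(objectclass=posixGroup)(memberUid=newuser)))"
TRIMMED = "(&(cn=newgroup)(&(objectclass=posixGroup)))"
# Constructed for comparison: tests the attribute the entry actually carries.
BY_DN = ("(&(cn=newgroup)(&(objectclass=posixGroup)"
         "(member=uid=newuser,cn=users,cn=accounts,dc=abc,dc=xyz)))")

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    # Split on the first '=' only, so DN values keep their own '=' signs.
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def evaluate(node, entry, failed):
    """Return True on match; append every unmet equality clause to failed."""
    if node[0] == "=":
        _, attr, value = node
        ok = value in (v.lower() for v in entry.get(attr, []))
        if not ok:
            failed.append(f"({attr}={value})")
        return ok
    results = [evaluate(kid, entry, failed) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def check(filter_text, entry=GROUP):
    """Return (matched, unmet_clauses) for a filter string."""
    failed = []
    return evaluate(parse(filter_text)[0], entry, failed), failed

if __name__ == "__main__":
    for name, flt in (("radiusd", RADIUSD), ("trimmed", TRIMMED), ("by-dn", BY_DN)):
        print(name, *check(flt))
```

The quoted entry has no `memberUid` attribute at all; membership is stored as a full DN in `member`, so only a DN-valued comparison can match it.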

