I think Willy’s answer on the FreeRADIUS mailing list is correct.

You have to fix your LDAP search query.

Try running your query with something such as ldapsearch and then narrowing it 
down to something that will return only one user.

--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On May 17, 2016, at 9:33 , Bebbet van Dinges <[email protected]> wrote:
> 
> Hello,
> 
> I'm trying to get people authorized to my wifi network, so far I've
> gotten this far. The configuration from 5.7 works, but my test server on
> 6.0.1 with the exact same configuration gives this error.
> 
> Anyone got an idea that might help me forward?
> 
> Yours sincerely,
> Bebbet
> 
> 
> from raddebug:
> 
> (74) Tue May 17 12:19:27 2016: Debug: openldap: Performing unfiltered
> search in "", scope "sub"
> (74) Tue May 17 12:19:27 2016: Debug: openldap: Waiting for search result...
> (74) Tue May 17 12:19:30 2016: ERROR: openldap: Ambiguous search result,
> returned 1723 unsorted entries (should return 1 or 0).  Enable sorting,
> or specify a more restrictive base_dn, filter or scope
> (74) Tue May 17 12:19:30 2016: ERROR: openldap: The following entries
> were returned:
> 
> 
> [All the records in our directory]
> 
> 
> /usr/local/pf/raddb/modules-enabled/ldap:
> 
>        ldap openldap {
>                server = "dns3.desaad.nl"
>                port = 636
>                identity = "cn=admin,o=desaad"
>                password = "You wish.."
>                basedn = "o=desaad"
>        #       filter = "(cn=%{mschap:User-Name})"
>                filter = "(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))"
>                ldap_connections_number = 5
>                timeout = 4
>                timelimit = 3
>                net_timeout = 1
> 
> 
>                access_attr = cn
>                password_attribute = nspmPassword
> 
> 
>                tls {
>                        start_tls = no
>                        require_cert = "allow"
>                }
>                dictionary_mapping = ${confdir}/ldap.attrmap
>                edir_account_policy_check = yes
> 
>                keepalive {
>                        # LDAP_OPT_X_KEEPALIVE_IDLE
>                        idle = 60
> 
>                        # LDAP_OPT_X_KEEPALIVE_PROBES
>                        probes = 3
> 
>                        # LDAP_OPT_X_KEEPALIVE_INTERVAL
>                        interval = 3
>                }
>        }
> 
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
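
Added example, not part of the original messages and not PacketFence or FreeRADIUS code: a shell helper that substitutes one user name into the filter from the quoted config, escapes it, and checks that the search returns exactly one entry, which is the narrowing the reply describes. The `ldaps://` URI, the user name `jdoe` and the sample LDIF are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Server, bind DN, base DN and filter come from the quoted
# config; the ldaps:// scheme (port 636, start_tls = no) is an assumption.
LDAP_URI="ldaps://dns3.desaad.nl:636"
BIND_DN="cn=admin,o=desaad"
BASE_DN="o=desaad"

# Escape a value for use inside a search filter (RFC 4515), so that a
# user name such as "*" cannot widen the search to every entry.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# The filter from the config with the user name substituted in.
build_filter() {
    printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_escape "$1")"
}

# Count entries in LDIF read from stdin (one "dn:" line per entry).
count_entries() {
    awk '/^dn:/ { n++ } END { print n + 0 }'
}

# Map the entry count onto what the error message asks for: 1 or 0 entries.
verdict() {
    n=$(count_entries)
    case $n in
        0) echo "no match" ;;
        1) echo "ok: exactly one entry" ;;
        *) echo "ambiguous: $n entries; tighten base_dn, filter or scope" ;;
    esac
}

# Live check against the directory (-W prompts for the bind password).
live_check() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$BASE_DN" -s sub "$(build_filter "$1")" dn | verdict
}

# Offline demonstration on constructed LDIF (two entries share one uid).
printf 'dn: cn=jdoe,ou=staff,o=desaad\n\ndn: cn=jdoe,ou=old,o=desaad\n\n' | verdict
```

Run `live_check jdoe` from the RADIUS host to compare the directory's answer with the "Performing unfiltered search" line in the debug output.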
