I have to link a Microsoft Active Directory in my workplace that is not under my root control.
The user DNs in AD are stored in the following format (please don't ask me why!):

    CN=ALBRIZIO DANIELE (5620),OU=9800,OU=personale,DC=ds,DC=units,DC=it

Yes, with parentheses!
In radiusd.conf I have this configuration:

    groupname_attribute = cn
    groupmembership_filter = (&(objectClass=Group)(member=%{Ldap-UserDn}))

The resulting xlat is:

    radius_xlat: '(|(&(objectClass=Group)(member=CN=ALBRIZIO DANIELE (5620),OU=9800,OU=personale,DC=ds,DC=units,DC=it)))'

The query to MS LDAP ends in:

    rlm_ldap: ldap_search() failed: Bad search filter:
This almost surely happens because the parentheses in (5620) are interpreted.
I'm not able to properly escape the parentheses in the user DN. I tried with single or double quotes like the following:

    groupmembership_filter = (&(objectClass=Group)(member="%{Ldap-UserDn}"))

without success.
I only succeeded in escaping the CN in a PHP environment like this:

    CN=ALBRIZIO DANIELE \(5620\),OU=9800,OU=personale,DC=ds,DC=units,DC=it

obtaining the right result.
Can I do the same using freeradius and how, or is there any other way?
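The failure described above, reproduced outside FreeRADIUS as an added example (not part of the original post and not FreeRADIUS code): a small filter checker rejects the expanded filter, and accepts it once the DN is escaped as an RFC 4515 filter value, where parentheses are written in hex as \28 and \29. The function names are hypothetical and the grammar is simplified; the DN and filter are the ones quoted in the post.

```python
# Added example. Function names are hypothetical; DN and filter come from the post.
USER_DN = "CN=ALBRIZIO DANIELE (5620),OU=9800,OU=personale,DC=ds,DC=units,DC=it"
GROUP_FILTER = "(|(&(objectClass=Group)(member={dn})))"

# RFC 4515: these characters must appear as backslash + two hex digits in a value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one character at a time so added backslashes are not re-escaped."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def _parse(s, i):
    """Consume one filter starting at s[i] and return the index just past it.
    Simplified grammar: (&...), (|...), (!...) or (attr=value)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|!":
        i += 1
        start = i
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
        if i == start:
            raise ValueError("operator without operands at offset %d" % i)
    else:
        j = i
        while j < len(s) and s[j] not in "()":  # a value ends at any raw paren
            j += 1
        if "=" not in s[i:j]:
            raise ValueError("item without '=' at offset %d" % i)
        i = j
    if i >= len(s) or s[i] != ")":
        raise ValueError("raw parenthesis in value or missing ')' at offset %d" % i)
    return i + 1


def is_valid_filter(s):
    """True only if the whole string is exactly one well-formed filter."""
    try:
        return _parse(s, 0) == len(s)
    except ValueError:
        return False


def group_filter(dn, escape=True):
    """Substitute the DN into the group filter, escaped unless told otherwise."""
    return GROUP_FILTER.format(dn=escape_filter_value(dn) if escape else dn)
```

Note that the raw filter has balanced parentheses, so a simple bracket count would not flag it; it is the raw "(" inside the member value that makes it malformed.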