On Wed, 20 Apr 2005, Andre Herkenrath wrote:

> Hi,
> I looked at a few things:
>
> 1. the authorize section contains "ldap"
> 2. I bind with an existing user
> 3. I want to return "Filter-Id" and this is in the "ldap.attrmap"
>
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 170.56.185.59:389, authentication 0
> rlm_ldap: bind as cn=B_LDAP,o=FKEL/ to 170.56.185.59:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter
> (uid=herkenra)
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: performing user authorization for herkenra
> radius_xlat:  '(uid=herkenra)'
> radius_xlat:  'OU=Abteilungen,O=FKEL'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter
> (uid=herkenra)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user herkenra authorized to use remote access

**Nothing was found for reply items.

> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0


You need to make sure that your ldap.attrmap is correct, the entry in ldap
is correct, and the user you are searching with has permissions to read
that value.

For ldap.attrmap, remember you match a radius attribute to an ldap
attribute.

replyItem      Filter-Id                       radiusFilterId

So you should have an entry in your directory with radiusFilterid.

dn: uid=...
somestuff...
radiusFilterid: "some string"

Try it with the command line.

$ ldapsearch -x -D cn=B_LDAP,o=FKEL -w yourpassword \
    -b "OU=Abteilungen,O=FKEL" uid=herkenra

Does that return the radiusFilterid?
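
The check described in this reply, as an added example that is not part of the original message or of FreeRADIUS: it reads the three-column ldap.attrmap format shown above plus one entry as ldapsearch prints it (LDIF), and reports which replyItem mappings have no value in the entry. The function names and both sample inputs are assumptions constructed for illustration.

```python
# Constructed samples; only the Filter-Id mapping line comes from the thread.
ATTRMAP = """\
checkItem    User-Password       userPassword
replyItem    Filter-Id           radiusFilterId
replyItem    Framed-IP-Address   radiusFramedIPAddress
"""
LDIF = """\
dn: uid=herkenra,OU=Abteilungen,O=FKEL
uid: herkenra
radiusFramedIPAddress: 192.0.2.10
"""

def parse_attrmap(text):
    """Return a list of (item_type, radius_attr, ldap_attr) tuples."""
    rows = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError("bad ldap.attrmap line: %r" % raw)
        rows.append(tuple(fields[:3]))
    return rows

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]}; base64 ('::') values stay undecoded."""
    entry, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last:        # LDIF folded continuation line
            entry[last][-1] += raw[1:]
        elif ":" in raw and not raw.startswith("#"):
            name, _, value = raw.partition(":")
            last = name.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entry

def reply_items(attrmap, entry):
    """Split mapped replyItems into those with a value in the entry and those without."""
    found, missing = {}, []
    for radius_attr, ldap_attr in [r[1:] for r in attrmap if r[0] == "replyItem"]:
        values = entry.get(ldap_attr.lower())   # LDAP attribute names are case-insensitive
        if values:
            found[radius_attr] = values
        else:   # not set on the entry, or not readable by the bind DN
            missing.append((radius_attr, ldap_attr))
    return found, missing

if __name__ == "__main__":
    print(reply_items(parse_attrmap(ATTRMAP), parse_ldif_entry(LDIF)))
```

Feed it the LDIF obtained with the same bind DN the RADIUS server uses, so a missing read permission shows up as a missing attribute.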


