Probably in the NDS setup - where the replicas are and which replica the info you're trying to get is on.
Check this TID. It explains the referral process. http://support.novell.com/cgi-bin/search/searchtid.cgi?/10061859.htm Mearl >>> [EMAIL PROTECTED] 4/20/2005 11:58 AM >>> Hi, I did the ldapsearch and here is the output: herkenra # extended LDIF # # LDAPv3 # base <OU=Abteilungen,O=FKEL,> with scope sub # filter: uid=herkenra # requesting: ALL # # search result search: 2 result: 80 Internal (implementation specific) error text: NDS error: no referrals (-634) # numResponses: 1 It seems that the Novell 6.0 Ldap isn´t working as expected ! I tried this on the Novell 6.5 Server I use for testing and got this result: # extended LDIF # # LDAPv3 # base <o=MH> with scope sub # filter: uid=andre # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 With the Novell 6.5, I could append the attribute, that I defined in the "users"-File without putting anything in the user directory. Do you have any ideas ?? Is there a possibility to give these attributes without the exact LDAP result ? Regards André -----Ursprüngliche Nachricht----- Von: Dustin Doris [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 20. April 2005 16:41 An: freeradius-users@lists.freeradius.org Betreff: Re: AW: Attributes Missing - Auth with ldap On Wed, 20 Apr 2005, Andre Herkenrath wrote: > Hi, > I looked at a few things: > > 1. the authorize section contains "ldap" > 2. I bind with an existing user > 3. I want to return "Filter-Id" and this is in teh "ldap.attrmap" > > rlm_ldap: ldap_get_conn: Checking Id: 0 > rlm_ldap: ldap_get_conn: Got Id: 0 > rlm_ldap: attempting LDAP reconnection > rlm_ldap: (re)connect to 170.56.185.59:389, authentication 0 > rlm_ldap: bind as cn=B_LDAP,o=FKEL/ to 170.56.185.59:389 > rlm_ldap: waiting for bind result ... > rlm_ldap: Bind was successful > rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter > (uid=herkenra) > rlm_ldap: ldap_release_conn: Release Id: 0 > rlm_ldap: performing user authorization for herkenra > radius_xlat: '(uid=herkenra)' > radius_xlat: 'OU=Abteilungen,O=FKEL' > rlm_ldap: ldap_get_conn: Checking Id: 0 > rlm_ldap: ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in OU=Abteilungen,O=FKEL, with filter > (uid=herkenra) > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... > rlm_ldap: user herkenra authorized to use remote access **Nothing was found for reply items. > rlm_ldap: ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 0 > modcall: group authorize returns ok for request 0 You need to make sure that your ldap.attrmap is correct, the entry in ldap is correct, and the user you are searching with has permissions to read that value. For ldap.attrmap, remember you match a radius attribute to an ldap attribute. replyItem Filter-Id radiusFilterId So you should have an entry in your directory with radiusFilterid. dn: uid=... somestuff... radiusFilterid: "some string" Try it with the command line. $ ldapsearch -x -D cn=B_LDAP,o=FKEL -w yourpassword -b "OU=Abteilungen,O=FKEL," uid=herkenra Does that return the radiusFilterid? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
