Hello there, I'm here to say that I've found a kind of misconfiguration/bug in FreeRADIUS.
The version is 2.1.10, and the platform is i386 (i686) OpenBSD.
When I try to use the group membership check, I see strange behaviour: instead of
commas there are symbols (those are in ASCII?) like that:
[files] expand:
(|(&(objectClass=PosixGroup)(memberUnixUserName=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
->
(|(&(objectClass=PosixGroup)(memberUnixUserName=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld)))
Of course, if I use %{User-Name} instead of %{control:Ldap-UserDn} it works well
(with a simplified search filter, but it's the same with that above):
[files] expand:
(&(objectClass=posixGroup)(memberUnixUserName=%{User-Name})) ->
(&(objectClass=posixGroup)(memberUnixUserName=test))
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=domain,dc=tld, with filter
(&(cn=disabled)(&(objectClass=posixGroup)(memberUnixUserName=test)))
rlm_ldap::ldap_groupcmp: User found in group disabled
Is this a known behaviour?
Thanks in advance.
--
Don't wait to die to find paradise...
--
Cheerz,
Vlad "Stealth" Glagolev
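
The `\3d` and `\2c` sequences in the expanded filter above are backslash-hex escapes of the form RFC 4515 defines for LDAP filter values (`=` is 0x3d, `,` is 0x2c). The following is an added example, not part of the original post and not FreeRADIUS code; the function names and the `extra` parameter are hypothetical, and the extra character set is chosen only to reproduce the output shown in the post.

```python
import re

# Characters RFC 4515 requires escaping inside a filter assertion value.
RFC4515_SPECIALS = "*()\\\x00"

_HEX_ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2})")
_BAD_ESCAPE = re.compile(rb"\\(?![0-9A-Fa-f]{2})")

# Values copied from the debug output in the post.
PAGE_ESCAPED = (r"uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld"
                r"\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld")
PAGE_DN = ("uid=test,ou=IT,ou=Departments,ou=dom.tld,"
           "ou=Domains,ou=Users,dc=domain,dc=tld")


def escape_value(value, extra=""):
    """Escape a string for use as an LDAP filter value (\\XX per byte).

    `extra` (hypothetical) lists characters to escape beyond the RFC 4515 set.
    """
    out = []
    for ch in value:
        if ch in RFC4515_SPECIALS or ch in extra:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def unescape_value(escaped):
    """Decode \\XX escapes back to the original string; reject stray backslashes."""
    raw = escaped.encode("utf-8")
    if _BAD_ESCAPE.search(raw):
        raise ValueError("backslash not followed by two hex digits")
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("utf-8")


if __name__ == "__main__":
    # The escaped string from the log decodes to the user's DN.
    print(unescape_value(PAGE_ESCAPED))
    # Escaping '=' and ',' in addition to the RFC set reproduces the log output.
    print(escape_value(PAGE_DN, extra="=,") == PAGE_ESCAPED)
    # Constructed input: the escaping keeps filter metacharacters inert.
    print(escape_value("test)(uid=*"))
```
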

