Hello there, I'm here to say that I've found kind of misconfiguration/bug in Freeradius.
The version is 2.1.10, and the platform is i386 (i686) OpenBSD. when I try to use group membership check, I see strange behaviour: instead of commas there are symbols (those are in ASCII?) like that: [files] expand: (|(&(objectClass=PosixGroup)(memberUnixUserName=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=PosixGroup)(memberUnixUserName=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtest\2cou\3dIT\2cou\3dDepartments\2cou\3ddom.tld\2cou\3dDomains\2cou\3dUsers\2cdc\3ddomain\2cdc\3dtld))) of course if I use %{User-Name} instead of %{control:Ldap-UserDn} it works well (with simplified search filter, but it's the same with that above): [files] expand: (&(objectClass=posixGroup)(memberUnixUserName=%{User-Name})) -> (&(objectClass=posixGroup)(memberUnixUserName=test)) [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=domain,dc=tld, with filter (&(cn=disabled)(&(objectClass=posixGroup)(memberUnixUserName=test))) rlm_ldap::ldap_groupcmp: User found in group disabled is this a known behaviour? thanks in advance -- Dont wait to die to find paradise... -- Cheerz, Vlad "Stealth" Glagolev
pgpLkgvMO8BMk.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html