On 12/09/2011 20:59, Heikki Vatiainen wrote:
> I agree. That does not look correct. I tested with Radiator and it looks
> like when Radiator hands filter "(uid=)" to Perl LDAP library, it shows
> as "(?uid=)" in OpenLDAP logs.
>
> I am not sure why this happens. Is it how OpenLDAP flags a bad filter or
> does Perl LDAP library do this?

Hi Heikki, Isaac

I think that's just OpenLDAP's way of indicating a grammatical error in the filter. RFC1274 (X.500 schema) defines userid as:

    userid ATTRIBUTE
        WITH ATTRIBUTE-SYNTAX
            caseIgnoreStringSyntax
            (SIZE (1 .. ub-user-identifier))
    ::= {pilotAttributeType 1}

so it must have at least size 1. I'd have thought that this should have generated an error condition either within Net::LDAP or OpenLDAP, but it's entirely possible that there isn't a MUST or SHOULD amongst the various RFCs that define what the behaviour should be :-)

Isaac, I think the problem stems from radpwtst being unable to find the radius dictionary. Running it with -trace when it can't find the dictionary gives:

    radiussrv1:~# /radius/Radiator/radpwtst -trace -noacct -user testuser -password testpass
    Attribute number 1 is not defined in your dictionary
    Attribute number 6 is not defined in your dictionary
    Attribute number 4 is not defined in your dictionary
    Attribute number 5 is not defined in your dictionary
    Attribute number 30 is not defined in your dictionary
    Attribute number 31 is not defined in your dictionary
    Attribute number 61 is not defined in your dictionary
    Attribute number 2 is not defined in your dictionary
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    sending Access-Request...
    Packet dump:
    *** Sending to 127.0.0.1 port 1645 ....
    Code:       Access-Request
    Identifier: 208
    Authentic:  1234567890123456
    Attributes:
        Unknown = testuser
        Unknown = Framed-User
        Unknown = 203.63.154.1
        Unknown = 1234
        Unknown = 123456789
        Unknown = 987654321
        Unknown = Async
        Unknown = <141><238>,<217><223>=w<133><188>8<9><160><216>}x<153>

and results in a radiator log that looks very much like yours. Try running radpwtst from the radiator installation directory, or use the -dictionary flag to specify the path to the dictionary.

Cheers,

Martin

-- 
Martin Burton
Senior Systems Administrator                  \\\|||///
Special Projects Team                         \\ ^ ^ //
Wellcome Trust Sanger Institute                ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
http://www.sanger.ac.uk

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
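
Added example, not part of the message above and not Radiator or Net::LDAP code: a guard that enforces the RFC 1274 size constraint quoted in the reply before a "(uid=...)" filter is built, so an empty user name is rejected by the caller instead of reaching the directory as "(uid=)". The function names, the by-name lookup of User-Name and the sample attribute lists are assumptions made for illustration.

```python
UB_USER_IDENTIFIER = 256  # RFC 1274: ub-user-identifier INTEGER ::= 256

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


class BadUserId(ValueError):
    """Raised instead of handing the directory a filter such as "(uid=)"."""


def escape_filter_value(value):
    # Per-character mapping, so an escaped backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def uid_filter(user_name):
    """Return "(uid=<name>)" only if the name satisfies SIZE (1 .. ub)."""
    name = (user_name or "").strip()
    if not name:
        raise BadUserId("empty user name, refusing to build (uid=)")
    if len(name) > UB_USER_IDENTIFIER:
        raise BadUserId("user name longer than ub-user-identifier")
    return "(uid=" + escape_filter_value(name) + ")"


def filter_for_request(attributes):
    """attributes: (name, value) pairs as a server might decode them.

    Assumption: the user name is looked up by attribute name, so a request
    whose attributes all decode as "Unknown" yields no user name at all.
    """
    user_name = next((v for n, v in attributes if n == "User-Name"), None)
    return uid_filter(user_name)


# Constructed samples modelled on the packet dump in the message above.
DECODED = [("User-Name", "testuser"), ("Service-Type", "Framed-User")]
UNDECODED = [("Unknown", "testuser"), ("Unknown", "Framed-User")]

if __name__ == "__main__":
    print(filter_for_request(DECODED))
    try:
        filter_for_request(UNDECODED)
    except BadUserId as exc:
        print("rejected:", exc)
```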