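FreeRadius rlm_ldap::ldap_groupcmp: ldap_get_values() failed

Time: 2019-03-27 18:49:17

Tags: freeradius

I am configuring freeRadius for our LDAP server. I can authenticate users from the RADIUS client. However, when RADIUS tries to query information about LDAP groups, we get the following error message

[ldap] performing search in uid=vchevakula@test.us,ou=users,dc=test,dc=us, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: ldap_get_values() failed, or, if we change anything in the group membership filter, we get an implementation error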

[ldap] ldap_release_conn: Release Id: 0
[files]     expand: (&(objectClass=GroupOfUniqueNames)(UniqueMember=%{User-Name})) -> (&(objectClass=GroupOfUniqueNames)(UniqueMember=vchevakula@test.us))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=test,dc=us, with filter (&(cn=Dev-Nw)(&(objectClass=GroupOfUniqueNames)(UniqueMember=vchevakula@cstest.us)))
  [ldap] object not found
  [ldap] ldap_release_conn: Release Id: 0
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in uid=vchevakula@cstest.us,ou=users,dc=test,dc=us, with filter (objectclass=*)
    rlm_ldap::ldap_groupcmp: ldap_get_values() failed
      [ldap] ldap_release_conn: Release Id: 0

The users file in freeradius

DEFAULT Ldap-Group == "Dev-Nw"
DEFAULT Ldap-Group == "SRE"
        Reply-Message = "You are allowed"

modules/ldap in freeradius

  groupname_attribute = cn
    groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(UniqueMember=%{User-Name}))"
        groupmembership_attribute = radiusGroupName

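I tried changing the group membership filter, but none of the variants have worked so far. I keep getting the same error and cannot figure it out. freeradius -X keeps failing at the group search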

groupname_attribute = cn
#groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))"
#groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
#groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(UniqueMember=%{User-Name}))"
groupmembership_attribute = radiusGroupName

LDAP attributes in the LDAP server

dn: cn=SRE,ou=groups,dc=test,dc=us
objectClass: top
objectClass: groupofUniqueNames
cn: SRE
uniqueIdentifier: XXXXXXX
description: SRE Team
uniqueMember: uid=vchevakula@test.us,ou=users,dc=test,dc=us
uniqueMember: uid=nuser@test.us,ou=users,dc=test,dc=us

I need some help configuring LDAP groups in freeradius

1 Answer:

Answer 0 (score: 1)

Hi, I have solved my problem

by adding the following line to my configuration on the freeradius server, in /etc/freeradius/modules/ldap

groupmembership_filter = "(&(objectClass=GroupOfUniqueNames)(uniqueMember=%{control:Ldap-UserDn}))"
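Why the answer's filter matches while the question's did not, as an added example (not part of the original posts and not FreeRADIUS code): a minimal filter evaluator run against the SRE group entry from the question. The request values, the helper names and the restriction to `&`, `|` and equality filters are assumptions made for the illustration.

```python
import re

# SRE group entry from the question's LDIF, as a dict (attribute names lower-cased).
GROUP_SRE = {
    "objectclass": ["top", "groupofUniqueNames"],
    "cn": ["SRE"],
    "uniquemember": ["uid=vchevakula@test.us,ou=users,dc=test,dc=us",
                     "uid=nuser@test.us,ou=users,dc=test,dc=us"],
}
# Constructed request values: the login name and the DN found by the user search.
REQUEST = {
    "User-Name": "vchevakula@test.us",
    "control:Ldap-UserDn": "uid=vchevakula@test.us,ou=users,dc=test,dc=us",
}
BROKEN = "(&(objectClass=GroupOfUniqueNames)(UniqueMember=%{User-Name}))"
FIXED = "(&(objectClass=GroupOfUniqueNames)(uniqueMember=%{control:Ldap-UserDn}))"

def expand(template, request):
    """Substitute %{Attr} references with request values (stand-in for xlat expansion)."""
    return re.sub(r"%\{([^}]+)\}", lambda m: request[m.group(1)], template)

def parse(f, i=0):
    """Parse (&...), (|...) and (attr=value) filters; return (node, next_index)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)  # a DN value may itself contain "="
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, comparing case-insensitively."""
    if node[0] == "=":
        return any(node[2] == "*" or v.lower() == node[2] for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def group_check(group, member_filter, entry, request):
    """Build the combined filter seen in the debug log: (&(cn=<group>)<membership filter>)."""
    combined = "(&(cn=%s)%s)" % (group, expand(member_filter, request))
    return matches(parse(combined)[0], entry)

if __name__ == "__main__":
    for name, flt in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, expand(flt, REQUEST), "->", group_check("SRE", flt, GROUP_SRE, REQUEST))
```

The `uniqueMember` values are full DNs, so a filter expanded from the bare login name can never equal one of them, while the DN stored in `control:Ldap-UserDn` does.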