Univention Bugzilla – Bug 53264
LDAP-Lookups fail when using auth-type ttls
Last modified: 2022-01-27 14:48:44 CET
Setting

ucr set freeradius/conf/auth-type/mschap=no
ucr set freeradius/conf/auth-type/ttls=yes

does not lead to a working ldap filter:

Auth: (1) Invalid user (ldap: Unable to create filter): [radius_check-rgbtest-tub] (from client mon3 port 0 cli 70-6F-6C-69-73-68)

Debug-Mode shows the Problem:

rlm_ldap (ldap): Reserved connection (0)
(1) ldap: ERROR: (uid=%{Stripped-User-Name:-%{User-Name}})
(1) ldap: ERROR: ^ Unknown module
(1) ldap: ERROR: Unable to create filter

Fix:

--- /etc/univention/templates/files//etc/freeradius/3.0/mods-available/ldap.orig 2021-05-16 16:46:34.186637385 +0200 +++ /etc/univention/templates/files//etc/freeradius/3.0/mods-available/ldap 2021-05-16 16:38:43.225770786 +0200 # Unless overridden in another section, the dn from which all @@ -185,10 +186,9 @@ auth_type = configRegistry.get('freeradius/conf/auth-type/mschap', 'FALSE') if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper(): - filter = 'mschap:User-Name' + print('\t\tfilter = "(uid=%%{mschap:User-Name:-%%{User-Name}})"') else: - filter = 'Stripped-User-Name' -print('\t\tfilter = "(uid=%%{%s:-%%{User-Name}})"' % filter) + print('\t\tfilter = "(uid=%%{%%{Stripped-User-Name}:-%%{User-Name}})"') @!@ # SASL parameters to use for user binds
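Review bot: Both added print() calls keep the doubled %% but drop the % formatting operator that the removed line applied (`... % filter`), so Python no longer collapses %% to % and the template will emit `filter = "(uid=%%{mschap:User-Name:-%%{User-Name}})"` (and the same for the else branch) rather than the `%{...}` form shown in the debug output. Either write single % signs in the two new string literals, or keep the original `print('...%%{%s:-%%{User-Name}})"' % filter)` line and only change the else branch to `filter = '%{Stripped-User-Name}'`, which also leaves the mschap branch untouched, since its expansion is not what the bug is about. A short comment in the else branch saying why Stripped-User-Name needs its own `%{}` wrapper (the "Unknown module" error above) would help the next reader.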