freman / caddy-reauth

Auth your Caddyserver requests against another server
MIT License

cannot filter with memberof. #38

Closed luyang93 closed 4 years ago

luyang93 commented 4 years ago

It works when I set it like this. I can log in.

ldap url=ldap://192.168.3.200:389,timeout=5s,base="OU=XXXXXXXXXXX,OU=SGR_NJ,OU=XXX,DC=xxx,DC=com",username="CN=Administrator,CN=Users,DC=xxx,DC=com",password="XXXXXXXXX",filter="(&(objectClass=user)(sAMAccountName=%s))"

But when I filter with a group:

ldap url=ldap://192.168.3.200:389,timeout=5s,base="OU=XXX,DC=xxx,DC=com",username="CN=Administrator,CN=Users,DC=xxx,DC=com",password="XXXXXXXXX",filter="(&(memberOf=CN=Bioinfo,OU=NAS,OU=Service,OU=XXX,DC=xxx,DC=com)(objectClass=user)(sAMAccountName=%s))"

I cannot log in anymore.

freman commented 4 years ago

I can't see any error with that. Can you use an LDAP client to perform that filter by hand?

i.e.:

ldapsearch -D "CN=Administrator,CN=Users,DC=xxx,DC=com" -w XXXXXXXXX -p 389 -h 192.168.3.200 -b "OU=XXXXXXXXXXX,OU=SGR_NJ,OU=XXX,DC=xxx,DC=com" -s sub "(&(memberOf=CN=Bioinfo,OU=NAS,OU=Service,OU=XXX,DC=xxx,DC=com)(objectClass=user)(sAMAccountName=yourname))"

luyang93 commented 4 years ago

A little weird. I created a new security group, then I used it with the filter, and it works. I'm sure the DN is correct.
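
The filter from this thread, built in Go as an added example (not code from caddy-reauth or from either commenter): the username and group DN are escaped per RFC 4515 before they go into the filter, and an optional variant uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID for nested groups. The function names `escapeFilterValue` and `groupFilter` are hypothetical; the DN is the redacted one from the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes a value for use inside an LDAP search filter
// (RFC 4515): NUL, '(', ')', '*' and '\' become a backslash plus two hex
// digits. This also covers a DN that contains an escaped comma ("\,"),
// whose backslash must appear as \5c inside a filter.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0, '(', ')', '*', '\\':
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// Active Directory's LDAP_MATCHING_RULE_IN_CHAIN. The plain memberOf
// attribute lists direct memberships only; this rule walks nested groups.
const matchingRuleInChain = "1.2.840.113556.1.4.1941"

// groupFilter (hypothetical helper) builds the filter shape used in the
// thread: user object, member of groupDN, sAMAccountName equal to user.
func groupFilter(groupDN, user string, nested bool) string {
	attr := "memberOf"
	if nested {
		attr = "memberOf:" + matchingRuleInChain + ":"
	}
	return fmt.Sprintf("(&(%s=%s)(objectClass=user)(sAMAccountName=%s))",
		attr, escapeFilterValue(groupDN), escapeFilterValue(user))
}

func main() {
	dn := "CN=Bioinfo,OU=NAS,OU=Service,OU=XXX,DC=xxx,DC=com" // from the thread
	fmt.Println(groupFilter(dn, "yourname", false))
	fmt.Println(groupFilter(dn, "yourname", true))
	// Constructed input: filter metacharacters in the login name stay literal.
	fmt.Println(groupFilter(dn, "*)(objectClass=*", false))
}
```

The first printed filter is the one to paste into `ldapsearch` when checking a group by hand, as suggested above.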