You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Authentication rule with condition basedn match does not work. The problem is in file lib/pf/Authentication/Source/LDAPSource.pm the function ldap_filter_for_conditions. It will return string "basedn" not the actual value of the basedn that was specified in Authentication rule.
To Reproduce
Create new LDAP/AD Authentication Source and add Authentication Rule.
Set Conditions basedn is "ou=Computers,dc=your,dc=domain"
Monitor logs and see error: [AD-Source] Unable to execute search (&(|(servicePrincipalName=host/COMPUTER.your.domain)(sAMAccountName=host/COMPUTER.your.domain)(UserPrincipalName=host/COMPUTER.your.domain))) from basedn on adsrv.your.domain:389, we skip the rule. (pf::Authentication::Source::LDAPSource::_match_in_subclass)
The text was updated successfully, but these errors were encountered:
Could you provide more details about "It will return string "basedn" not the actual value of the basedn" ?
I'm not sure to understand what you mean here.
on line 448 $logger->error("[$self->{'id'}] Unable to execute search $filter from $basedn on $LDAPServer:$LDAPServerPort, we skip the rule.");
$basedn is equal to "basedn" but should be "ou=Computers,dc=your,dc=domain"
in file lib/pf/Authentication/Source/LDAPSource.pm
line 591 sub ldap_filter_for_conditions {
line 615 if ($attribute eq "basedn") {
line 616 $basedn = $attribute;
line 617 next;
line 618 }
Line 616 should be $basedn = $value not $attribute
Describe the bug
Authentication rule with condition basedn match does not work. The problem is in file lib/pf/Authentication/Source/LDAPSource.pm the function ldap_filter_for_conditions. It will return string "basedn" not the actual value of the basedn that was specified in Authentication rule.
To Reproduce
The text was updated successfully, but these errors were encountered: