ldap authentication works, but "Failed" message in syslog

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech

ricodramp
OpenVpn Newbie
Posts: 4
Joined: Thu Mar 16, 2023 10:42 am


Post by ricodramp » Wed Mar 22, 2023 2:05 pm

Hello all,
On an OpenVPN server with the LDAP plugin I get the following error message in syslog, as long as connections are active:

openvpn: LDAP search failed: Referral (0000202B: RefErr: DSID-0310084A, data 0, 1 access points#012#011ref 1: 'example.com'#012)

This is my plugin config:

<LDAP>
    # LDAP server URL
    URL             ldap://dc01.my.company.com

    BindDN          "CN=ldapquery,OU=ldap,OU=services,OU=department1,DC=my,DC=company,DC=com"
    Password        "XXXXXXXXXXXXXXXXXXX"

    Timeout         15

    FollowReferrals yes
</LDAP>

<Authorization>
    BaseDN          "OU=department1,DC=my,DC=company,DC=com"
    SearchFilter    "(&(sAMAccountName=%u)(msNPAllowDialin=TRUE))"
    RequireGroup    false

    <Group>
        # Default is true. Match full user DN if true, uid only if false.
        # RFC2307bis   true

        # Default is true. Uncomment and set to false if you want to use a Search operation to determine group
        # membership instead of Compare. Lower performance, so Compare should generally be used, but Search is
        # required in certain LDAP environments.
        # UseCompareOperation   true
        BaseDN          "ou=Groups,dc=example,dc=com"
        SearchFilter    "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
        # Add group members to a PF table (disabled)
        #PFTable        ips_vpn_eng
    </Group>
</Authorization>

As you can see, "RequireGroup" is set to "false". Can someone explain why "example.com" is still queried in AD?
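Editor's note with an added example (this is not code from the post or from the openvpn-auth-ldap project). The `#012` and `#011` in the syslog line are rsyslog's octal escapes for newline and tab, so the message is Active Directory's multi-line referral response: the DC does not hold a naming context for `dc=example,dc=com` and answers a search under that base with LDAP result 10 (Referral) pointing at `example.com`. The only place that base appears in the posted config is the `<Group>` block, where `BaseDN "ou=Groups,dc=example,dc=com"` is still the plugin's sample-config default. As I read the plugin's `auth-ldap.m`, the group lookup runs whenever a `<Group>` block is configured; `RequireGroup false` only stops a non-match from denying the login, it does not skip the search (this reading is mine, the post does not confirm it). With `FollowReferrals yes`, libldap will also try to chase that referral to whatever `example.com` resolves to, which is a reason to fix the base rather than silence the log line. The script below decodes the syslog line and lints a config for BaseDNs whose `DC=` components do not belong to the domain of the host named in `URL`. It assumes that the DC in `URL` serves the domain given by its own DNS suffix; the config text is a constructed copy of the posted one, with the host names and DNs from the post.

```python
"""Lint an openvpn-auth-ldap config for search bases outside the AD domain.

Added example for this thread; it is not the plugin's code. It assumes the
config layout from the post (URL/BaseDN keys inside <LDAP>, <Authorization>
and <Group> sections) and that the DC named in URL serves the domain given
by its DNS suffix. Host names and DNs are the ones from the post.
"""
import re
from urllib.parse import urlparse

# Constructed copy of the posted config; the <Group> BaseDN is the
# sample-config default, not something in the poster's AD domain.
POSTED_CONFIG = '''
<LDAP>
    URL             ldap://dc01.my.company.com
    BindDN          "CN=ldapquery,OU=ldap,OU=services,OU=department1,DC=my,DC=company,DC=com"
    Password        "XXXXXXXXXXXXXXXXXXX"
    Timeout         15
    FollowReferrals yes
</LDAP>
<Authorization>
    BaseDN          "OU=department1,DC=my,DC=company,DC=com"
    SearchFilter    "(&(sAMAccountName=%u)(msNPAllowDialin=TRUE))"
    RequireGroup    false
    <Group>
        BaseDN          "ou=Groups,dc=example,dc=com"
        SearchFilter    "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
    </Group>
</Authorization>
'''

# The syslog line from the post, verbatim.
SYSLOG_LINE = ("openvpn: LDAP search failed: Referral (0000202B: RefErr: "
               "DSID-0310084A, data 0, 1 access points#012#011ref 1: 'example.com'#012)")


def unescape_syslog(line):
    """Undo rsyslog's #ooo octal escaping of control characters (#012 = LF, #011 = TAB)."""
    return re.sub(r'#([0-7]{3})', lambda m: chr(int(m.group(1), 8)), line)


def referral_targets(line):
    """Hosts named in an AD referral message, i.e. the 'ref N: host' lines."""
    return re.findall(r"ref \d+: '([^']+)'", unescape_syslog(line))


def parse_config(text):
    """Return (section_path, key, value) for every key/value line, following <Section> nesting."""
    stack, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        tag = re.match(r'<(/?)(\w+)>$', line)
        if tag:
            if tag.group(1):
                stack.pop()
            else:
                stack.append(tag.group(2))
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries.append(('/'.join(stack), parts[0], parts[1].strip().strip('"')))
    return entries


def dn_domain(dn):
    """DNS domain implied by a DN's DC= components: DC=my,DC=company,DC=com -> my.company.com."""
    return '.'.join(re.findall(r'(?i)\bdc=([^,]+)', dn)).lower()


def find_foreign_bases(config_text):
    """Return (section, BaseDN, domain) for each BaseDN whose DC= domain is not the
    domain of the host in URL. AD answers a search under such a base with a
    referral (LDAP result 10) instead of entries."""
    entries = parse_config(config_text)
    host = urlparse(next(v for _, k, v in entries if k == 'URL')).hostname.lower()
    findings = []
    for section, key, value in entries:
        if key != 'BaseDN':
            continue
        domain = dn_domain(value)
        if host != domain and not host.endswith('.' + domain):
            findings.append((section, value, domain))
    return findings


if __name__ == '__main__':
    print('referral points at:', referral_targets(SYSLOG_LINE))
    for section, base, domain in find_foreign_bases(POSTED_CONFIG):
        print(f'<{section}> BaseDN {base!r} is in {domain}, not served by dc01.my.company.com')
```

Run against the posted config this flags only the `<Group>` BaseDN. Moving that base into the AD domain (for instance an OU under `DC=my,DC=company,DC=com`) makes the referral go away; note that AD group objects list their members in `member`, not `uniqueMember`, so `MemberAttribute` would need the same attention if the group check is meant to do anything. The check is deliberately simple: a base in another domain of the same forest would also be referred by a plain LDAP port, and a base that lacks `DC=` components is reported as foreign.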
