RADIUS external auth - LDAP failed due to "Operations error"

Aruba Employee

=== PROBLEM === 

Note: This only applies when the LDAP server is a Windows server (AD), not openLDAP, 389, etc. 

Amigopod is configured to use an LDAP server for external RADIUS authentication. The test authentication works on the server profile page, but authentication fails when a guest connects or when running a full RADIUS Authentication test. With debugging enabled, you see an error similar to the following:

[ldap-7] waiting for bind result ... 
[ldap-7] Bind was successful 
[ldap-7] ldap_search() failed: Operations error 
[ldap-7] search failed 
[ldap-7] ldap_release_conn: Release Id: 0 

=== SOLUTION === 

If Amigopod is manually configured with an external authentication server of type LDAP (rather than Microsoft AD), the Amigopod LDAP server configuration must specify 'ldap_opt_referrals = no' in the Advanced Options. RADIUS requires this option: without it, AD will refuse to return any responses. Note that the authentication test and the RADIUS authentication go through completely different code paths, which is why the test on the server profile page can succeed while RADIUS authentication fails.

=== Advanced LDAP troubleshooting === 

Enable additional debugging using: 
ldap.ldap_debug = 4095
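
The failure signature above (bind succeeds, then the search fails with "Operations error") can be picked out of debug output automatically. The following Python script is an added example, not part of the original article or of Amigopod; it assumes debug lines carry an instance tag such as [ldap-7] as in the excerpt above, and the function name and the [ldap-9] lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the debug lines quoted in the article, plus one
# constructed instance ([ldap-9]) whose bind is not followed by a failure.
SAMPLE_LOG = """\
[ldap-7] waiting for bind result ...
[ldap-7] Bind was successful
[ldap-7] ldap_search() failed: Operations error
[ldap-7] search failed
[ldap-7] ldap_release_conn: Release Id: 0
[ldap-9] waiting for bind result ...
[ldap-9] Bind was successful
[ldap-9] ldap_release_conn: Release Id: 1
"""

# Assumed line shape: optional indent, "[instance]", then the message.
LINE_RE = re.compile(r"^\s*\[(?P<inst>[^\]]+)\]\s+(?P<msg>.*\S)\s*$")
SEARCH_FAIL_RE = re.compile(r"ldap_search\(\) failed: (?P<err>.+)$")


def find_referral_failures(log_text):
    """Return instance tags whose bind succeeded but whose following search
    failed with 'Operations error' (the symptom described in the article)."""
    bound = defaultdict(bool)  # instance tag -> bind seen since last release
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a tagged module line
        inst, msg = m.group("inst"), m.group("msg")
        if msg == "Bind was successful":
            bound[inst] = True
        elif msg.startswith("ldap_release_conn"):
            bound[inst] = False  # connection released; reset state
        else:
            fail = SEARCH_FAIL_RE.search(msg)
            # A search failure without a prior successful bind, or with a
            # different error string, is a different problem.
            if fail and bound[inst] and fail.group("err") == "Operations error":
                hits.append(inst)
    return hits


if __name__ == "__main__":
    for inst in find_referral_failures(SAMPLE_LOG):
        print(f"{inst}: bind OK, search failed with Operations error; "
              "check 'ldap_opt_referrals = no' in Advanced Options")
```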

Version history: Revision 1 of 1
Last update: 06-25-2014 03:48 PM