On Mon, 24 Dec 2001, Najeh Ben Nasrallah wrote:

> Hi All,
>
> I'm testing freeradius 0.4 with openldap 2.x.
> I've some problems setting the groups and users in the ldap directory.
>
> I've added the following line in the ldap.attrmap:
>
> checkItem Group DialGroup
>
> In each Ldap User Profile, the DialGroup Attribute is set to the
> appropriate Group Profile "cn".
>
> Each Group Profile should store reply items common to all members of
> the group.
>
> When testing the config, freeradius debug mode (radiusd -X) shows that
> the attribute DialGroup was added as check item but there's no subsequent
> ldap_groupcmp call searching for items related to the selected Group.
>
> rlm_ldap: looking for check items in directory...
> rlm_ldap Adding DialGroup as Group, value stuff & op=11
>
> However, the groupmembership_filter, groupname_attribute were set
> appropriately in the radiusd.conf.
>
> The users file contains a single DEFAULT entry:
>
> DEFAULT Auth-Type=Ldap
>         Fall-Through = 1
>
> Note that using only User Profile, without referring to Group
> Profile, works well.
>
> Am I missing something?
> Please, can someone provide a working sample?

Well, groups are not used for creating group profiles (you can use the
profile attribute for that). The ldap_groupcmp() function allows the
administrator to check for specific group membership of users. Something
like (in the user file):

DEFAULT Group != "admins", Called-Station-Id == "10454545", Auth-Type := Reject

Hope this helps

--
kkalev

> thanks

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
