On Thu, 20 Mar 2003, Ron Wahler wrote:
> I need some help please...
>
> Anyone ever use a LDAP query to extract the users group from the LDAP
> database?
>
> Not sure how to set up the radiusd.conf file to use the %GroupName. I
> want to query
>
> The user and find what group they are in...
>
> groupname_attribute = "(cn=%GroupName)"
Please go back and read doc/rlm_ldap carefully. The groupname_attribute
corresponds to the ldap attibute which contains the group name _not_ to an ldap
search filter. So it should be:
groupname_attribute = "cn"
>
>
> #groupmembership_filter =
> "(objectCategory=organizationalUnit)(SamAccountName=%U)"
If you keep groupmembership_filter commented out it will use the default
value of
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))
(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
I am not sure this is what you want.
>
> DEFAULT Ldap-Group == "group"
That line seems to be ok.
>
> Thanks, Ron.
The answers are in doc/rlm_ldap. Read it again
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
