Kostas, I want to extract the group name out of the database without knowing it. I have the user/password and want to get what group they are in. It seems like you need to know the group to query it with the LDAP groupname Attribute and filter.
Ron. -----Original Message----- From: Kostas Kalevras [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 6:21 PM To: [EMAIL PROTECTED] Subject: Re: LDAP groups On Thu, 20 Mar 2003, Ron Wahler wrote: > I need some help please... > > Anyone ever use a LDAP query to extract the users group from the LDAP > database? > > Not sure how to set up the radiusd.conf file to use the %GroupName. I > want to query > > The user and find what group they are in... > > groupname_attribute = "(cn=%GroupName)" Please go back and read doc/rlm_ldap carefully. The groupname_attribute corresponds to the ldap attibute which contains the group name _not_ to an ldap search filter. So it should be: groupname_attribute = "cn" > > > #groupmembership_filter = > "(objectCategory=organizationalUnit)(SamAccountName=%U)" If you keep groupmembership_filter commented out it will use the default value of "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn})) (&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" I am not sure this is what you want. > > DEFAULT Ldap-Group == "group" That line seems to be ok. > > Thanks, Ron. The answers are in doc/rlm_ldap. Read it again -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
