On Fri, 25 Jul 2003, simpel wrote:

> Hello,
>
> I would like to configure my freeradius 0.8 to search in a LDAP data base using
> groups. I then tried things on the radiusd.conf file, to use the
> groupname_attribute, groupmembership_filter, groupmembership_filter, and
> groupmembership_attribute attributes, but nothing worked.
>
> My concern is to be able to find users which are not situated under the same OU, but
> which are all contained in the same group.
>
> Could somebody help me?
>
> Thank you,
>
> Regards,
>
> Thierry

Not sure if this is what you are looking for, but here is an example of groups with ldap.

in radiusd.conf

    groupname_attribute = radiusGroupName

in ldap

    uid: example,dc=example,dc=com
    uid: example
    objectclass: radiusprofile
    userPassword: example
    radiusGroupName: disabled

in users

    DEFAULT Ldap-Group == disabled, Auth-Type := Reject
            Reply-Message = "Account Disabled"

So what would happen is the user would be authorized and radius would do a lookup to see if they belonged to the group disabled. If it exists, then the user will be rejected. If not, then the users file will continue to be parsed. You'd have another default under that one that specified what actions for users that are not disabled.

Hope that helps.

Dustin Doris
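
An added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the top-to-bottom users-file matching described in the reply, with a check that no earlier catch-all DEFAULT shadows the group reject rule. The second DEFAULT entry (its Auth-Type := LDAP and "Welcome" message) and all function names are assumptions, and the matcher only understands Ldap-Group comparisons.

```python
import re

# Constructed sample: the reply's reject rule, then a hypothetical catch-all entry.
USERS = '''\
DEFAULT Ldap-Group == disabled, Auth-Type := Reject
        Reply-Message = "Account Disabled"

DEFAULT Auth-Type := LDAP
        Reply-Message = "Welcome"
'''
ITEM = re.compile(r'([\w-]+)\s*(==|:=|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Split users-file text into entries: name, check items, reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        items = [(a, op, v.strip('"')) for a, op, v in ITEM.findall(line)]
        if line[0].isspace() and entries:   # indented line: reply items
            entries[-1]['reply'] += items
        else:                               # first line: name + check items
            entries.append({'name': line.split()[0], 'check': items, 'reply': []})
    return entries

def evaluate(entries, user, ldap_groups):
    """Walk entries top to bottom; stop at the first match without Fall-Through."""
    control, reply = {}, {}
    for e in entries:
        if e['name'] not in ('DEFAULT', user):
            continue
        # '==' items are comparisons; this model only understands Ldap-Group.
        if any(op == '==' and not (a == 'Ldap-Group' and v in ldap_groups)
               for a, op, v in e['check']):
            continue
        control.update({a: v for a, op, v in e['check'] if op == ':='})
        reply.update({a: v for a, op, v in e['reply']})
        if reply.pop('Fall-Through', 'No').lower() != 'yes':
            break
    return control.get('Auth-Type'), reply.get('Reply-Message')

def reject_shadowed(entries):
    """True if an unconditional DEFAULT without Fall-Through precedes a Reject rule."""
    blocked = False
    for e in entries:
        if blocked and ('Auth-Type', ':=', 'Reject') in e['check']:
            return True
        conditional = any(op == '==' for _, op, _ in e['check'])
        falls = any(a == 'Fall-Through' and v.lower() == 'yes' for a, _, v in e['reply'])
        blocked = blocked or (e['name'] == 'DEFAULT' and not conditional and not falls)
    return False
```

Running `reject_shadowed` over a parsed users file flags the ordering mistake in which a catch-all entry sits above the disabled-group rule, so disabled accounts would never reach the reject.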
