Thanks for your fine input and the reminder on the index (I completely
forgot about that). I'll give the ldap module filter a go with the
attr_rewrite. I like keeping attributes with the user object, rather
than spreading usernames around to various other objects. With this
implementation, to me, the extra benefit is that I can just add a
radiusGroupName attribute = X to each user object.
You can also use the ldap-group variable that I showed you before on the
user level by defining the groupmembership_attribute. By default its
radiusGroupname, so that should already work for you. So either way
should work for you, personally, I like having it in the filter as your
example showed. I am doing that now in a little different way. I'll
write it up someday.
BTW, on the attr_rewrite, can I use more advanced regex than just
................: ? It works and always will work, but it would be
more clear in the config file if I could say
"([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2}):"
or something to that effect... I couldn't get ANY regex to work
except the . Does that seem right?
Stefan
Unfortunately, I don't know too much about attr_rewrite, but I'm sure some
others on this list could help with that one. It looks about right to me.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
