Thibault Le Meur wrote:
Hello,
I've made a little test and found that the match operator "=~" doesn't work
on my setup (Freeradius 1.0.4) for Groups defined as LDAP DNs.
Indeed I'd like to use the following rule (in the users file):
DEFAULT Ldap-Group =~ "cn=mygroupname,ou=(unit1|unit2|unit3),dc=mycorp,dc=org"
        Fall-Through = no
This way, a unique rule will match 3 different groups having the same cn,
but in different subtrees.
Am I missing something or is this setup impossible with Ldap-Groups?

You are missing something.
Ldap-Group is not a real attribute that's copied to the config items.
It's a "virtual" attribute. At runtime, the right-hand-side of the
comparison is searched for in the LDAP directory.
There's no way to do what you want currently. Source code changes and/or
clever use of the ldap xlat might do it (see doc/rlm_ldap)