On 05/08/2011 10:32 AM, crzrobot wrote:
Sorry for the double posting.
Hi,
Recently I implemented RADIUS authentication using the ldap module.
The next step is to control the users by groups, and I want to ask how I could
set up the group filter if I have this kind of configuration for the groups
on the LDAP servers. I tried to google it but had no luck finding useful results.
The user authentication is done by uid.
Thank you for your help.
dn: cn=group1, ou=group,dc=home,dc=net
objectclass: groupOfUniqueNames
gidNumber: 30000
cn: group1
uniquemember: uidNumber=30001, ou=people,dc=home,dc=net
uniquemember: uidNumber=30002, ou=people,dc=home,dc=net
uniquemember: uidNumber=30003, ou=people,dc=home,dc=net
It's been a long time, but I think this is invalid LDAP data. The
uniquemember value should be a valid DN.
You probably could make this work in FreeRADIUS, but you should fix your
LDAP schema.
You'll need to do the following:
1. Define a local "uid" attribute in raddb/dictionary, e.g.
   ATTRIBUTE Ldap-UID 3000 integer
2. Define a mapping in ldap.attrmap from LDAP to RADIUS for the uid, e.g.
   checkItem Ldap-UID uidNumber
3. Update your group query, e.g.
   groupmembership_filter = \
   "(uniquemember=uidNumber=%{control:Ldap-UID},ou=people,dc=home,dc=net)"
...but it's hacky and nasty - what if the path after the RDN varies? Fix
your LDAP schema to be right and this will just work.
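
The fragility mentioned at the end of the reply, as an added example that is not part of the original thread and is not FreeRADIUS code: a small offline simulation of how the step 3 filter matches against the group entry from the post. The member 30004 under ou=contractors is constructed for illustration, and the DN normalisation is a simplified assumption rather than a full LDAP matching rule.

```python
import re

# Group entry from the post, plus one constructed member (30004) under a
# different branch to show the case the reply warns about.
GROUP_LDIF = """\
dn: cn=group1, ou=group,dc=home,dc=net
objectclass: groupOfUniqueNames
gidNumber: 30000
cn: group1
uniquemember: uidNumber=30001, ou=people,dc=home,dc=net
uniquemember: uidNumber=30002, ou=people,dc=home,dc=net
uniquemember: uidNumber=30003, ou=people,dc=home,dc=net
uniquemember: uidNumber=30004, ou=contractors,dc=home,dc=net
"""

# Filter from step 3, with the member DN suffix hard-coded.
FILTER_TEMPLATE = "(uniquemember=uidNumber=%{control:Ldap-UID},ou=people,dc=home,dc=net)"

def normalize_dn(dn):
    """Simplified DN normalisation: trim spaces around each RDN, fold case."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def members(ldif):
    """Collect the normalised uniquemember values of the group entry."""
    out = set()
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "uniquemember":
            out.add(normalize_dn(value))
    return out

def expand_filter(uid_number):
    """Expand the template; Ldap-UID is declared integer, so reject anything else."""
    uid = int(uid_number)  # raises ValueError for filter metacharacters
    if uid < 0:
        raise ValueError("uidNumber must be non-negative")
    return FILTER_TEMPLATE.replace("%{control:Ldap-UID}", str(uid))

def in_group(uid_number, ldif=GROUP_LDIF):
    """True if the DN asserted by the expanded filter is a listed member."""
    asserted = expand_filter(uid_number)[len("(uniquemember="):-1]
    return normalize_dn(asserted) in members(ldif)

if __name__ == "__main__":
    for uid in (30001, 30004, 30009):
        print(uid, expand_filter(uid), in_group(uid))
```

User 30004 is listed in the group but is not matched, because the filter only ever asserts a DN under ou=people.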