On 11/01/12 11:41, Graham Leggett wrote:
Hi all,

If you set up groups in the rlm_ldap module, and a user is found to
match more than one group, that user is currently denied access.

I'm not sure I understand the circumstances in which this occurs. Can you give an example of it failing?

rlm_ldap takes the "groupmembership_filter" you give it, and then ANDs it with groupname=value, like so:

final_filter = sprintf("(&(%s=%s)%s)",
  groupname_attr,
  groupname,
  groupmembership_filter
)

This query will end up looking something like this:

(&(cn=TheGroup)(|(member=<LDAP DN>)(uniquemember=<LDAP DN>)))

...and should never return >1 hit.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
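
The filter construction described in this message, as an added example (not from the original post and not rlm_ldap's own code): it builds the same (&(attr=value)filter) string, escapes the group name per RFC 4515 so that filter metacharacters in a name stay literal, and rejects output that would be truncated. The function names, buffer sizes and the sample DN are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape an assertion value per RFC 4515: '*', '(', ')' and '\' become a
 * backslash followed by two hex digits. Returns the escaped length, or -1
 * if dst is too small. (Hypothetical helper, not a FreeRADIUS function.) */
static int ldap_escape_value(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= dstlen) return -1;   /* 3 chars plus the NUL */
            o += (size_t)snprintf(dst + o, dstlen - o, "\\%02x", c);
        } else {
            if (o + 1 >= dstlen) return -1;   /* 1 char plus the NUL */
            dst[o++] = (char)c;
        }
    }
    if (dstlen == 0) return -1;
    dst[o] = '\0';
    return (int)o;
}

/* Build "(&(<groupname_attr>=<groupname>)<membership_filter>)" as in the
 * message above. membership_filter is assumed to be a complete, already
 * expanded filter. Returns 0 on success, -1 if anything would not fit. */
int build_group_filter(char *out, size_t outlen, const char *groupname_attr,
                       const char *groupname, const char *membership_filter)
{
    char escaped[256];
    int n;

    if (ldap_escape_value(escaped, sizeof(escaped), groupname) < 0) return -1;
    n = snprintf(out, outlen, "(&(%s=%s)%s)", groupname_attr, escaped,
                 membership_filter);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char f[512];
    /* Constructed sample membership filter; the DN is made up. */
    const char *mf = "(|(member=uid=alice,dc=example,dc=org)"
                     "(uniquemember=uid=alice,dc=example,dc=org))";
    if (build_group_filter(f, sizeof(f), "cn", "TheGroup", mf) == 0) puts(f);
    if (build_group_filter(f, sizeof(f), "cn", "Staff (EU)*", mf) == 0) puts(f);
    return 0;
}
```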
