On 03/24/2012 05:51 AM, dhanushka ranasinghe wrote:
Hi guys,

I'm using FreeRADIUS with LDAP, and its authentication works fine when
I use the following configuration.

         server = "ldap.home.com"
         identity = "cn=admin,dc=home,dc=com"
         password = home
         basedn = "ou=users,dc=home,dc=com"
         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
         base_filter = "(objectclass=radiusprofile)"
         access_attr = "uid"
         authtype = ldap

But then I created the LDAP group and added the members to it,

e.g.:

dn: cn=people,ou=users,dc=home,dc=com
objectClass: groupOfNames
objectClass: top
cn: wso2
member: uid=userone,ou=user,dc=home,dc=com
member: uid=usertwo,ou=user,dc=home,dc=com

Then I changed my LDAP config as follows:

         server = "ldap.home.com"
         identity = "cn=admin,dc=home,dc=com"
         password = home
         basedn = "cn=people,ou=users,dc=home,dc=com"
         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
         base_filter = "(objectclass=radiusprofile)"
         access_attr = "uid"
         authtype = ldap

But this method is not working; the RADIUS debug output says the user
cannot be searched within that group.

Is there any particular search method that I need to use? What can
I do to sort out this problem?

This is all completely wrong. You have told the LDAP module to search for all objects, including users, starting from the DN of the group you have created.

Set your LDAP back how it was, then uncomment the "groupmembership_filter" and "groupname_attribute" in the "ldap" module config, that comes with the server by default. It should just work.
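
The setup the reply describes, as an added example that is not part of the original thread or of the FreeRADIUS distribution files. It assumes the FreeRADIUS 2.x "ldap" module, where both options ship commented out, and the `users` file entry and the group name "people" are assumptions taken from the DN in the post.

```conf
# --- raddb/modules/ldap (FreeRADIUS 2.x layout assumed) ---
ldap {
        server = "ldap.home.com"
        identity = "cn=admin,dc=home,dc=com"
        password = home

        # Search for users from the container that holds the user entries,
        # not from the DN of the group.
        basedn = "ou=users,dc=home,dc=com"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
        access_attr = "uid"
        authtype = ldap

        # Attribute that carries the group's name.
        groupname_attribute = cn

        # Evaluated when a policy tests Ldap-Group. It matches group entries
        # that list the DN found by the user search above as a member.
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
}

# --- raddb/users (assumed placement of the group check) ---
# Reject any user who is not a member of the group. "people" is assumed to
# be the group's cn; the posted entry has cn=people in its DN but also
# lists "cn: wso2".
DEFAULT Ldap-Group != "people", Auth-Type := Reject

# Caveat: the member values must equal the user's real DN exactly. The
# posted group lists members under "ou=user,dc=home,dc=com" while users are
# searched under "ou=users,dc=home,dc=com". If the entries live in ou=users,
# the filter never matches and every user is rejected.
```

Running the server in debug mode shows the group search and the filter after expansion, which confirms whether the member DN comparison is matching.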