On 01/09/2013 02:00 PM, Tyler Brady wrote:
Can someone give more details on setting up LDAP groups? So far I have attempted to modify the users file and the ldap module. I can't seem to get the ldap module configured properly, but I'm sure that's just one of many issues.

ldap {
        #
        # Note that this needs to match the name in the LDAP
        # server certificate, if you're using ldaps.
        server = "ldap.your.domain"
        #identity = "cn=admin,o=My Org,c=UA"
        #password = mypass
        basedn = "o=My Org,c=UA"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        #base_filter = "(objectclass=radiusprofile)"

cn = username (is this correct)
o = domain (is this correct)
c = ? (what does this field mean)

identity is the bind DN. It's an LDAP concept; refer to LDAP literature to learn what a bind DN is. The bind DN you should be using is specific to your deployment; ask whoever is managing your LDAP server what to use. Remember this represents a server-to-server binding, not a user-to-server binding. In other words, the RADIUS server is binding to your LDAP server to perform lookups related to users and groups, thus the identity you bind as will need permission to view that portion of the LDAP tree.
-- John Dennis
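
The identity and basedn values in the quoted configuration are distinguished names, built from attribute=value pairs in which cn is commonName, o is organizationName and c is countryName. The following is an added example, not part of the original thread or of FreeRADIUS: it splits a DN into those pairs and checks whether an entry lies under a given basedn, which is the portion of the tree the bind identity must be allowed to read. The function names and the uid=tbrady,ou=People entry in the test are constructed for illustration, and multi-valued RDNs (joined with +) are assumed not to occur.

```python
# Added example: split an LDAP distinguished name (RFC 4514 string form)
# into its relative distinguished names (RDNs) and label the attribute types.
ATTR_NAMES = {
    "cn": "commonName",
    "o": "organizationName",
    "ou": "organizationalUnitName",
    "c": "countryName",
    "dc": "domainComponent",
    "uid": "userid",
}

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return [(attr, value), ...], most specific RDN first (escapes kept)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def is_under(dn, base):
    """True if dn equals base or sits below it (case-insensitive compare)."""
    d = [(a, v.lower()) for a, v in parse_dn(dn)]
    b = [(a, v.lower()) for a, v in parse_dn(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def describe(dn):
    """Replace short attribute types with their long names where known."""
    return [(ATTR_NAMES.get(a, a), v) for a, v in parse_dn(dn)]
```
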

