Re: Trouble with matching LDAP group membership in authorize (FreeRADIUS Users forum, Networking and Network Related category)
Richard Hesse wrote:
> Nevermind I found the problem. There's a limitation in
> ldap_groupcmp() such that only the last LDAP module instantiated is
> actually checked -- ignoring whatever you specify. I found this info
> from
> http://lists.cistron.nl/pipermail/fr...ne/033220.html.

That's for the attribute "Ldap-Group". The module-name-prefixed version, "ldap_enable-Ldap-Group" should work fine.

Your original mail listed:

Hint file:

    DEFAULT NAS-Port-Type == Virtual, Service-Type == NAS-Prompt-User, ldap_enable-Ldap-Group := "operations", Autz-Type := ldap_enable, Auth-Type := LDAP

You are using := to compare ldap_enable-Ldap-Group - use ==

Try setting the Autz-Type in the "users" file
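An added example, not part of the original message or of FreeRADIUS itself: a small Python check for the mistake pointed out in the reply above. In a users/hints check line, `:=` always matches and sets the attribute, so a group item written with it restricts nothing. The function name and the sample text are constructed for illustration.

```python
import re

# Operators that set a value in a check list instead of comparing it.
ASSIGNING = {":=", "=", "+="}

# attribute, operator, value (quoted string or bare word); longer operators first.
ITEM = re.compile(
    r'([\w.-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=\*|!\*|=|>|<)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)')


def find_unenforced_group_checks(text):
    """Return (line_no, attribute, operator) for every Ldap-Group check item
    (plain or instance-prefixed) written with an assigning operator."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        # Check items sit on the unindented first line of an entry;
        # indented lines are reply items and '#' starts a comment.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        for attr, op, _value in ITEM.findall(line):
            if attr.lower().endswith("ldap-group") and op in ASSIGNING:
                findings.append((line_no, attr, op))
    return findings


# Constructed sample: the entry quoted in the post, then the same entry with ==.
SAMPLE = '''\
# hints (constructed sample)
DEFAULT NAS-Port-Type == Virtual, Service-Type == NAS-Prompt-User, ldap_enable-Ldap-Group := "operations", Autz-Type := ldap_enable, Auth-Type := LDAP
DEFAULT NAS-Port-Type == Virtual, Service-Type == NAS-Prompt-User, ldap_enable-Ldap-Group == "operations", Autz-Type := ldap_enable, Auth-Type := LDAP
'''

if __name__ == "__main__":
    for line_no, attr, op in find_unenforced_group_checks(SAMPLE):
        print(f"line {line_no}: {attr} uses '{op}', group membership is not compared")
```

Only the group attribute is flagged; `Autz-Type := ...` and `Auth-Type := ...` are assignments by design and pass through.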