groupmembership_filter for LDAP module
Alexei Monastyrnyi
alexeim at orcsoftware.com
Mon Aug 21 23:12:24 CEST 2006
Hi List.
I am trying to enable group filter to allow only certain LDAP users to
be able to login to my VPN hub.
I run FreeRADIUS 1.0.2 on SPARC Solaris 9
All users are in group
cn=vpnusers,ou=group,dc=mydomain,dc=com
listed as "memberUid"s
In radiusd.conf I have the following
filter =
"(&(objectClass=posixAccount)(uid=%{Stripped-User-Name:-%{User-Name}}))"
groupmembership_filter =
(&(&(cn=vpnusers)(objectClass=posixGroup))(memberUid=%{Stripped-User-Name:-%{User-Name}}))
groupmembership_attribute = "vpnusers"
It doesn't seem to work, no sign of searching for "vpnusers" in LDAP
server logs and users that are not in this group are still able to log in.
I may be missing something... Hints of where to look would be highly
appreciated.
Cheers,
A.
More information about the Freeradius-Users
mailing list