avoiding ldap group search
Hi,
Presently my system is configured in such a way that freeradius checks whether the user is present in the LDAP server and then searches for the user's group in LDAP.
Is there a way I can avoid this? Basically, I want to see if a user is present in the LDAP server; if he is present, I will go ahead and authorize him instead of finding his group etc.
My ldap configuration in radiusd.conf at present is:
ldap ldap_primary {
    server = 157.235.205.31
    port = 389
    identity = "cn=Administrator,cn=Users,dc=xyt,dc=dyx,dc=com"
    password = temppass
    basedn = cn=Users,dc=xyt,dc=dyx,dc=com
    filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupacces"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    password_attribute = UserPassword
    groupname_attribute = cn
    groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember==%{Ldap-UserDn})))"
    groupmembership_attribute = radiusGroupName
    timeout = 4
    timelimit = 3
    net_timeout = 5
    access_attr_used_for_allow = no
}
I am using radius server version 1.1.6.
Thanks in advance
-gnr