Virtual Server and Ldap-Group

Alan DeKok aland at deployingradius.com
Wed Jan 23 17:30:35 CET 2008


Robin Gruyters wrote:
> I was just wondering what will be the best solution to check on LDAP Groups.
> (Ldap-Group)
> Check them (as before) in the users file, or somewhere in the virtual server
> configuration with a switch/case statement.

  Hmm... for now, checking them in the "users" file is probably the best
way to go.  It may be difficult to get it to work in "unlang" until some
minor changes are made to support this.

> ..
>         switch "%{control:Ldap-Group}" {

  I don't think that this will work right now.  The LDAP-Group attribute
is "virtual", and doesn't really exist... it can only be used for
comparisons, and even then, only for certain kinds of comparisons.

  Also, using it in a "switch" statement won't work, as the user may be
in multiple groups.  If you do want to use a "switch" statement, I
suggest just using an LDAP query:

 	switch "%{ldap: ....}" {
		...

  Alan DeKok.
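The "users" file approach recommended above, as an added example that is not part of the original thread. The group DNs and reply values are constructed, and it assumes the ldap module is already configured for group lookups. Each entry is a separate membership comparison, which is why a user in several groups is handled correctly here where a single "switch" value would not be.

```text
# "users" file. Group DNs and reply values below are constructed for illustration.

# Deny first: a member of the disabled group is rejected whatever other
# groups they belong to. No Fall-Through, so processing stops on a match.
DEFAULT Ldap-Group == "cn=disabled,ou=groups,dc=example,dc=org", Auth-Type := Reject
        Reply-Message = "Account disabled"

# Independent membership test. Fall-Through = Yes keeps evaluating the
# entries that follow, so this match does not hide later group matches.
DEFAULT Ldap-Group == "cn=vpn-users,ou=groups,dc=example,dc=org"
        Reply-Message += "group: vpn-users",
        Session-Timeout = 28800,
        Fall-Through = Yes

# A user who is in vpn-users AND wifi-staff matches both entries and
# receives the reply items from both.
DEFAULT Ldap-Group == "cn=wifi-staff,ou=groups,dc=example,dc=org"
        Reply-Message += "group: wifi-staff",
        Fall-Through = Yes
```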


