ldap stuff (v 2.1.1)

Kenneth Grady klg at lanl.gov
Tue Mar 10 15:26:23 CET 2009


I would like to have an ldap group that is another instance of ldap
(selected by departmentNumber), but I don't see how to add it into the
configuration (users file).
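# rlm_ldap instance "everyonePlusMacs": a lookup succeeds for a person entry
# whose employeenumber or uid equals the User-Name, or for any entry whose
# companyHostMacAddress equals the User-Name.
ldap everyonePlusMacs {
    server = "ldap"
    basedn = "dc=example,dc=com"
    # Each filter is a single quoted string on the same line as its key; a
    # line break inside the quotes (here it fell in the middle of "person")
    # would become part of the filter.
    # NOTE(review): %{User-Name} comes from the client. rlm_ldap is expected to
    # escape LDAP filter metacharacters in expanded attributes; confirm this
    # for the server version in use.
    # NOTE(review): the companyHostMacAddress branch has no objectClass
    # restriction, and a MAC address sent as User-Name is easy to forge, so a
    # match on this branch should not grant more than MAC-level access.
    filter = "(|(&(objectClass=person)(employeenumber=%{User-Name}))(&(objectClass=person)(uid=%{User-Name}))(companyHostMacAddress=%{User-Name}))"
    # ... (remaining settings omitted in the original post)
    groupname_attribute = cn
    # Parentheses are balanced: one (| ...) wrapping two (& ...) terms. The
    # posted text carried one extra ")" at the end.
    # NOTE(review): the member DN uses dc=lanl,dc=gov while basedn is
    # dc=example,dc=com, presumably partial anonymisation. The two must agree
    # in a real configuration.
    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=employeeNumber=%{User-Name},ou=people,dc=lanl,dc=gov))(&(objectClass=GroupOfNames)(memberUid=%{User-Name})))"
}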
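# rlm_ldap instance "NetworkingOnly": same person lookup by employeenumber or
# uid, with both alternatives additionally requiring departmentNumber=IT.
ldap NetworkingOnly {
    server = "ldap"
    basedn = "dc=example,dc=com"
    # Kept as one quoted string on the "filter =" line; the mail client had
    # wrapped it in the middle of "person".
    # departmentNumber=IT appears inside both (& ...) terms, so neither the
    # employeenumber nor the uid alternative can match a user outside IT.
    filter = "(|(&(objectClass=person)(employeenumber=%{User-Name})(departmentNumber=IT))(&(objectClass=person)(uid=%{User-Name})(departmentNumber=IT)))"
    # ... (remaining settings omitted in the original post)
}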
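# rlm_ldap instance "SalesOnly": person lookup by employeenumber or uid, with
# both alternatives additionally requiring departmentNumber=Sales.
ldap SalesOnly {
    server = "ldap"
    basedn = "dc=example,dc=com"
    # Kept as one quoted string on the "filter =" line; the mail client had
    # wrapped it in the middle of "person".
    # The first (& ...) term is closed before the second begins, so the two
    # are sibling alternatives under (| ...), the same shape as NetworkingOnly.
    # The posted text lacked that ")", which left the filter unbalanced and
    # nested the uid term inside the employeenumber term.
    filter = "(|(&(objectClass=person)(employeenumber=%{User-Name})(departmentNumber=Sales))(&(objectClass=person)(uid=%{User-Name})(departmentNumber=Sales)))"
    # ... (remaining settings omitted in the original post)
}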


