redundant LDAP-Group

Phil Mayers p.mayers at imperial.ac.uk
Thu Dec 2 15:54:45 CET 2010


On 02/12/10 14:49, Phil Mayers wrote:
>
> Alternatively, how about:
>
> policy {
>     myldap {
>       update request {
>         Module-Failure-Message !* 0x00
>         My-Group = "%{ldap1:...}"
>       }
>       if (Module-Failure-Message) {

Nah, this won't work sorry - I was misreading the rlm_ldap.c code, 
Module-Failure-Message is only set by ldap_authorize on NOTFOUND, not 
FAIL and not in perform_search()



More information about the Freeradius-Users mailing list