LDAP groups

Alan DeKok aland at deployingradius.com
Sat Jun 12 08:34:08 CEST 2010


Génaël VALET wrote:
> I use LDAP groups for EAP-PEAP Authentication in wifi WPA context. For now,
> I used a DEFAULT line in "users" file like this:
> 
> DEFAULT ldap_1x-Ldap-Group != "radius" , Auth-Type := Reject
>         Reply-Message = "ACCES REFUSE"
> 
> I have an LDAP group named "radius" but I don't know how to permit another
> LDAP group

  See "unlang".  The LDAP group comparison has some oddities,
unfortunately.

authorize {
	...
	if ((LDAP-Group == X) || (LDAP-Group == Y)) {
		# OK
	}
	else {
		update reply {
			Reply-Message := "Access refuse"
		}
		reject
	}


}

  Alan DeKok.


