Optimizing ldap queries to AD using users file on freeradius 2.1.12
Phil Mayers
p.mayers at imperial.ac.uk
Sat Feb 11 11:32:03 CET 2012
On 02/10/2012 05:53 PM, Luis Písco wrote:
>
> But the My-Group==2 is not evaluated.
>
> It is not possible to assign a value to an item and use it later on the
> users file?
No.
The example you show sets My-Group on the *reply*. The "users" file can
match on request items only.
> It is possible get the SID of the group instead of the DN to use to
> search on tokenGroups field of the user AD?
As far as I know this is impossible. AD doesn't support it.
More information about the Freeradius-Users
mailing list