LDAP groups and profiles
Alan DeKok
aland at deployingradius.com
Mon Feb 4 21:51:11 CET 2013
Chris Taylor wrote:
>
>
> I have RADIUS running with multiple realms and multiple LDAP back ends
> that stores all my user attributes. I am trying to apply different user
> profiles to different groups. What I did was setup the profile in the
> USERS file, add the group attributes to the ldap config file, and on the
> user’s LDAP account I added the attribute radiusGroupName with the value
> “residential_profile”, but I can’t seem to get it to work correctly.
The debug output is pretty clear. It does an LDAP search, and the
object isn't found.
Make sure that (a) the object is in LDAP, and (b) you've configured
FreeRADIUS to do the right LDAP search.
> It
> doesn’t seem to query the correct backend.
For backend-specific queries, prefix the LDAP-Group with the backend name:
> ldap ldap2.REALM-2.ca {
> basedn = "ou=radius,o=REALM-2.ca,dc=container,dc=ca"
To query this backend, use "ldap2.REALM-2.ca-LDAP-Group == ..."
Alan DeKok.
More information about the Freeradius-Users
mailing list