LDAP Group Membership
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 25 15:00:50 CEST 2014
On 25/04/14 12:11, Arran Cudbard-Bell wrote:
> Again 'Woha'.
>
> AD allows bitwise filters?! That's pretty cool.
>
> Someone with AD want to test and see if it allows the string form?
Not sure what you mean by "string form". You can definitely do a plain
old LDAP query with that syntax.
Couple of things to note - the "find all groups a user is in" form is
*very* slow for me. The "find if a user is in a group" requires a base
DN search against the user object, just like the tokenGroups magic
attribute (I assume it does the same thing under the hood).
More information about the Freeradius-Users
mailing list