LDAP Group Membership

Josh Essar jessar at kvcc.edu
Fri Apr 25 19:45:32 CEST 2014


Peter Geiser wrote:
> When you use AD then the following simple query will do all the hard workŠ
> 
> Recursive Group Memberships
> (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})

Awesome! That will come in handy in the future. Thank you!


Phil Mayers wrote:
> Couple of things to note - the "find all groups a user is in" form is 
> *very* slow for me. The "find if a user is in a group" requires a base 
> DN search against the user object, just like the tokenGroups magic
> attribute (I assume it does the same thing under the hood).

Ah, I see the difference. Much faster. Thank you!




More information about the Freeradius-Users mailing list