LDAP Group Membership

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Apr 28 13:23:27 CEST 2014


On 28 Apr 2014, at 06:35, peter.geiser at id.unibe.ch wrote:

> :) There is no magic - it's all documented by Microsoft:
> 
> - MSDN: http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
> - TechNet: 
> https://social.technet.microsoft.com/wiki/contents/articles/5392.active-dir
> ectory-ldap-syntax-filters.aspx
> 
> The query is really performant for what it do but on a FreeRadius Server
> with heavy load you should use it in combination with the cache module.
> We have this combination in production on Campus on since 6 month without
> any problems.
> ~ 250'000 Autentications per day for 802.1x (EduRoam), VPN, ...

Yes, there's another way to do it automatically too by looking for a special attribute in the user object.

I'm just wondering if it's possible to specify the OID by it's text name, some of the other Microsoft documentation suggests it would be. Could someone try it and let me know?

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140428/aa72e083/attachment.pgp>


More information about the Freeradius-Users mailing list