Authenticate users different Domain using LDAP group search
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Feb 4 15:25:41 CET 2014
>
> Finally, the users file config:
>
> DEFAULT domain1-Ldap-Group == "gr_users_wifi"
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-Id:0 = "X"
> DEFAULT domain2-Ldap-Group == "gr_users_wifi_domain2"
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-Id:0 = "X"
Yes. LDAP-Group should not be used in v2.x.x if multiple instances of the LDAP module are in use, the instance referred to by LDAP-Group is based on instantiation order which is quite fragile.
In v3.x.x LDAP-Group will always refer to the ldap {} (default) instance, to help avoid this sort of confusion.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140204/cbb211c8/attachment.pgp>
More information about the Freeradius-Users
mailing list