LDAP Groups to Freeradius and then Ruckus Wireless?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed May 28 12:51:48 CEST 2014


On 28 May 2014, at 11:10, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:

> Hi again,
> 
> So I'm now working with version 3.0.3 and I have moved all of my configs to
> the new format. I can do, as I did on v2.1.2, group checking in users file
> via the Ldap-Group virtual attribute. That's fine, but it's not what I need.
> I need the group info to be forwarded to the client, and I'm trying to do so
> in mods-available/ldap (symlinked to mods-enabled/). As there is no
> ldap.attrmap file and the update section in mods-available/ldap seems to be
> for that purpose, I'm mapping attributes there:
> 
> reply:Ruckus-User-Groups	:= 'control:memberOf'
> 
> Ruckus-User-Groups is defined in a dictionary file for vendor Ruckus. But
> any kind of attribute that I think may fit there I have already tried
> (memberOf, Ldap-Group, Ldap-Membership...), and no matter what I try I see a
> line like this in the debug output:
> 
> ldap :  Attribute 'control:memberOf' not found in LDAP Object

*sigh* why could you add control: to the start of memberOf attribute? LDAP has
no idea what lists are.

Use:

update {
	reply:Ruckus-User-Group += 'memberOf'
}

Add that and it should work, if it doesn't work post the debug output.

> 
> So my question is: how can I have freeradius run the logic behind Ldap-Group
> and put that info in the reply? Because if I try it from users file
> Ldap-Group is recognized and run, but from ldap config it just doesn't find
> the attribute.

Yes.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140528/2ae4fa73/attachment.pgp>


More information about the Freeradius-Users mailing list