El 23/04/15 a las 08:39, Angel L. Mateo escribió:
El 22/04/15 a las 14:47, Arran Cudbard-Bell escribió:
It shouldn't be a hard failure unless you're using v3.1.x.
Make sure you're building from v3.0.x where it should just be a warning.
Or I guess you were previously building from. I though't we'd made this a non fatal error, due the likelihood that places would be missed...
I have built it from source v3.0.7.
My problem is that although it's a warning, my ldap configuration does not make any ldap search for groups.
I have seen that 3.0.8 has already been released, so I have upgraded (in my test environment). Now I don't have the "dynamic expansion..." error, but ldap module is still not searching for groups. In my ldap I have my users and groups with a posix schema. Primary group of the user are in the gidNumber attribute of the user. This group has a posixGroup entry in the ldap. In this entry there are memberUid attributes for the users belonging to the group (but this is not its primary group). So, in my ldap module configuration I have: group { base_dn = '<my base dn>' filter = '(objectClass=posixGroup)' name_attribute = gidNumber membership_filter = "(|(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectClass=posixAccount))(&(objectClass=posixGroup)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})) membership_attribute = 'uid' } and in the site configuration: authorize { preprocess suffix files ldap mschap pap expiration } Then, in my users file I have something like: DEFAULT Realm == um.es, Ldap-Group == 1001, Auth-Type := Reject Reply-Message = "..." Fall-Through = No DEFAULT Realm == um.es Fall-Through = No but, radius never make any search to match the group of the users. Any idea? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337