11 Jan
2012
11 Jan
'12
8:06 a.m.
On 11/01/12 11:41, Graham Leggett wrote:
Hi all,
If you set up groups in the rlm_ldap module, and a user is found to match more than one group, that user is currently denied access.
I'm not sure I understand the circumstances in which this occurs. Can you give an example of it failing? rlm_ldap takes the "groupmembership_filter" you give it, and then ANDs it with groupname=value, like so: final_filter = sprintf("(&(%s=%s)%s)" groupname_attr, groupname, groupmembership_filter ) This query will end up looking something like this: (&(cn=TheGroup)(|(member=<LDAP DN>)(uniquemember=<LDAP DN>))) ...and should never return >1 hit.