bug in rlm_ldap?
Norbert Wegener
nw at sbs.de
Fri Dec 16 08:28:57 CET 2005
Dusty Doris wrote:
> ...
> If this is your users file, its incorrect. Notice the placement of
> commas. The check-items should be on one line seperated by commas.
> The reply items should be over multiple lines seperated by a comma,
> except for the last line.
>
>
> HOST/lnxad.tde002.sitest.net, User-Category != 515
> Fall-Through = no
>
> HOST/lnxad.tde002.sitest.net, User-Category == 515
> Fall-Through = no
>
> HOST/lnxad.tde002.sitest.net, Auth-Type := Reject
I changed the users file as you recommended, the ldap.attrmap contains
the additional line:
checkItem User-Category primaryGroupID
Unfortunately also in this case only the Reject entry matches, although
the primaryGroupID seems to passed to User-Category:
radiusd -AX
.....
rlm_ldap: looking for check items in directory...
ldap_get_values
....
ldap_get_values
rlm_ldap: Adding LDAP attribute primaryGroupID as RADIUS attribute
User-Category == 515
ldap_get_values
Any ideas, what's going wrong?
Thanks
Norbert
More information about the Freeradius-Users
mailing list