LDAP and FreeRadius Authentication - One user, multiple groups

Mark Litchfield mark at visper.net
Fri Jul 22 18:00:54 CEST 2005

    FreeRadius 1.0.4
    OpenLDAP 2.2.27
    FreeBSD 5.4

We are trying to get FreeBSD to allow a user to be a member in multiple 
groups. Here's roughly the way we have the tree laid out.

dc: treeroot
|_ou: accounts
|  |_ou: domain1
|  |  |_uid: joe
|  |     mail: joe at domain1
|  |_ou: domain2
|     |_uid: joe
|        mail: joe at domain2
|_ou: groups
  |_cn: group1
  |  uniqueMember: uid=joe,ou=domain1,ou=accounts,dc=treeroot
  |_cn: group2
  |  uniqueMember: uid=joe,ou=domain2,ou=accounts,dc=treeroot
  |_cn: group3
  |  uniqueMember: uid=joe,ou=domain1,ou=accounts,dc=treeroot
  |_uniqueMember: uid=joe,ou=domain2,ou=accounts,dc=treeroot

I have freeradius and LDAP authenticating nicely. The problem I am 
running into is that when I id a user, it only shows the primary group 
that user is a member of. How can I get FreeRadius to report the other 
groups that the user belongs to?

Mark Litchfield

More information about the Freeradius-Users mailing list