Ldap-Group DN and the match "=~" check
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Mon Jul 17 16:39:33 CEST 2006
> > Am I missing something or is this setup impossible with
> Ldap-Groups ?
>
> You are missing something.
>
> Ldap-Group is not a real attribute that's copied to the config items.
> It's a "virtual" attribute. At runtime, the right-hand-side of the
> comparison is searched for in the LDAP directory.
Ok, that was what I missed indeed. However, I haven't seen it in the
rlm_ldap doc file: your last paragraph is worth adding to this file I think
;-)
> There's no way to do what you want currently. Source code
> changes and/or
> clever use of the ldap xlat might do it (see doc/rlm_ldap)
Maybe... but is ldap xlat yet available in the "users" file ? As stated in
doc/rlm_ldap I thought it was only "hopefully shortly" available ?
Thanks a lot for your answer.
Regards,
Thibault Le Meur
More information about the Freeradius-Users
mailing list