Ldap-Group DN and the match "=~" check
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jul 17 19:00:17 CEST 2006
>
> Maybe... but is ldap xlat yet available in the "users" file ? As stated in
> doc/rlm_ldap I thought it was only "hopefully shortly" available ?

FreeRadius 1.1.0 definitely has it. Can't remember but I recall earlier
versions having it too.

Using it in the exact manner you want will be tricky however, since the
result of the LDAP URI searched for an xlat can only be a single entry,
and only a single attribute of that entry.

There's a lot of funky stuff hidden away in the LDAP module, most of
which I don't pretend to understand (e.g. profiles, default profiles,
etc.) but you may be able to use that if you can't get the group thing
to work directly.

To be honest though, dumping user->group mappings every N minutes and
using rlm_passwd to put them into the request may be easier.
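
Added example, not part of the original post: one way to do the periodic dump suggested above, turning an LDIF export of group entries into a flat file and replacing it atomically so the server never reads a half-written copy. Assumptions: groups carry `cn` and `member` DNs that start with `uid=`, and the output layout `group:user,user` is illustrative and has to match the `format` configured for rlm_passwd; the sample LDIF is constructed.

```python
import base64, os, re, tempfile

SAFE = re.compile(r"[A-Za-z0-9._-]+")  # excludes ':' ',' and newlines (file delimiters)

# Constructed sample export; the DNs and names are made up for this example.
_B64 = base64.b64encode(b"uid=alice,ou=people,dc=example,dc=org").decode()
SAMPLE_LDIF = (
    "dn: cn=staff,ou=groups,dc=example,dc=org\n"
    "cn: staff\n"
    "member: uid=alice,ou=people,dc=example,dc=org\n"
    "member: uid=bob,ou=people,dc=exam\n"
    " ple,dc=org\n"            # folded continuation line (leading space)
    "\n"
    "dn: cn=vpn,ou=groups,dc=example,dc=org\n"
    "cn: vpn\n"
    f"member:: {_B64}\n"       # base64-encoded value
    "member: uid=ev:il,ou=people,dc=example,dc=org\n"
)

def parse_ldif(text):
    """Return one dict per entry (attribute -> values); unfolds lines, decodes base64."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def group_lines(entries):
    """Build 'group:user,user' lines; names with unsafe characters are rejected."""
    lines, rejected = [], []
    for entry in entries:
        group = entry.get("cn", [""])[0]
        users = set()
        for dn in entry.get("member", []):
            m = re.match(r"uid=([^,]+),", dn, re.IGNORECASE)
            if m and SAFE.fullmatch(m.group(1)):
                users.add(m.group(1))
            else:
                rejected.append(dn)  # log these rather than writing them out
        if SAFE.fullmatch(group) and users:
            lines.append(group + ":" + ",".join(sorted(users)))
    return lines, rejected

def write_atomic(path, lines):
    """Write to a temp file in the same directory, then rename over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.replace(tmp, path)
```

The character allow-list matters because a group or user name containing the file's delimiters would otherwise change which users the server maps to which group.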