Troube with matching LDAP group membership in authorize

Alan DeKok aland at deployingradius.com
Wed Jan 31 07:54:21 CET 2007


Richard Hesse wrote:
> Rather disappointing that this limitation still exists from 2 years ago.

  As always, patches are welcome.

> Does FR2.0 have some sort of object-based virtualization that would support this?
> Like, a "LDAP group" object which you could tie LDAP instances to and make the check there?

  No, but we'd welcome patches.

  In any case, if you carefully read the text you quoted, you'll see a
solution that doesn't require patches: List ALL ldap modules in the
"instantiate" section, and list "ldap_enable" last.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list