Ldap Group Membership Requirements

Cody Jarrett cody.jarrett at itfreedom.com
Wed Jun 20 18:46:37 CEST 2007


So it will search and find the group, but I can still connect with my 
user even though it isn't in that group. Any ideas on how to keep a user 
from connecting if their account isn't in that group?



Thibault Le Meur wrote:
>> Basically trying to figure out what I need to add to these lines:
>> groupname_attribute, groupmembership_filter, and
>> groupmembership_attribute. Also not sure if I need to add something
>> to users file like: DEFAULT LDAP-Group == "wireless". Can anyone
>> provide input on what I need to configure, Thanks.
>>
>> wireless group in ldap, you can see cjarrett is a member:
>> dn: cn=wireless,ou=Groups,dc=itfreedom,dc=com
>> objectClass: posixGroup
>> cn: wireless
>> gidNumber: 1011
>> memberUid: cjarrett
>>     
>
> You're using POSIXGroups:
> groupname_attribute = cn
> groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))"
>
> No groupmembership_attribute.
>
>
> In your users file, for instance:
> DEFAULT LDAP-Group ==  "wireless" ...
>
>
> See /usr/share/doc/freeradius/rlm_ldap text file.
>
> HTH,
> Thibault
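Added example, not part of the original thread and not FreeRADIUS code: a simplified model of the posixGroup check discussed above, showing why an entry that only matches members does not by itself keep non-members out. The rule tuples, the action names and the "continue" outcome are assumptions of this model; the group entry and the filter are copied from the posts.

```python
# Simplified model of the LDAP-Group check; entry data copied from the thread.
LDIF = """\
dn: cn=wireless,ou=Groups,dc=itfreedom,dc=com
objectClass: posixGroup
cn: wireless
gidNumber: 1011
memberUid: cjarrett
"""

def parse_ldif(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if ": " in line:
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value)
    return entry

def escape_filter_value(value):
    """Escape RFC 4515 special characters before a name goes into a filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def expand_filter(user):
    """Expand %u in the posixGroup membership filter from the reply."""
    template = "(&(objectclass=posixGroup)(memberUid=%u))"
    return template.replace("%u", escape_filter_value(user))

def ldap_group_matches(entry, group, user):
    """Model of LDAP-Group == group: a posixGroup whose cn is `group`
    (groupname_attribute = cn) and whose memberUid lists `user`."""
    return ("posixGroup" in entry.get("objectclass", [])
            and group in entry.get("cn", [])
            and user in entry.get("memberuid", []))

def authorize(entry, user, rules):
    """First matching (operator, group, action) rule wins. With no match the
    result is 'continue' (assumed): nothing here rejects the request."""
    for op, group, action in rules:
        member = ldap_group_matches(entry, group, user)
        if (op == "==" and member) or (op == "!=" and not member):
            return action
    return "continue"

# Only a positive match: non-members fall through without being rejected.
ALLOW_ONLY = [("==", "wireless", "accept-profile")]
# Hypothetical fail-closed rule set: explicit reject for non-members first.
FAIL_CLOSED = [("!=", "wireless", "reject"), ("==", "wireless", "accept-profile")]
```

With `ALLOW_ONLY`, a user outside the group gets "continue" rather than "reject", which is the behaviour described in the first message; `FAIL_CLOSED` makes the denial explicit.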


More information about the Freeradius-Users mailing list