Ldap Group Membership Requirements
Cody Jarrett
cody.jarrett at itfreedom.com
Wed Jun 20 18:46:37 CEST 2007
So it will search and find the group, but I can still connect with my
user even though it isn't in that group. Any ideas on how to keep a user
from connecting if their account isn't in that group?
Thibault Le Meur wrote:
>> Basically trying to
>> figure out
>> what I need to add to these lines: groupname_attribute,
>> groupmembership_filter, and groupmembership_attribute. Also
>> not sure if
>> I need to add something to users file like: DEFAULT LDAP-Group ==
>> "wireless". Can anyone provide input on what I need to
>> configure, Thanks.
>>
>> wireless group in ldap, you can see cjarrett is a member:
>> dn: cn=wireless,ou=Groups,dc=itfreedom,dc=com
>> objectClass: posixGroup
>> cn: wireless
>> gidNumber: 1011
>> memberUid: cjarrett
>>
>
> You're using POSIXGroups:
> groupname_attribute = cn
> Groupmembership_filter = "(&(objectclass=posixGroup)(memberUid=%u))
>
> No groupmembership_attribute.
>
>
> In you users file, for instance:
> DEFAULT LDAP-Group == "wireless" ...
>
>
> See /usr/share/doc/freeradius/rlm_ldap text file.
>
> HTH,
> Thibault
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/bf343fdd/attachment.html>
More information about the Freeradius-Users
mailing list