avoiding ldap group search

Gopinath Reddy N gnreddy at gmail.com
Fri Feb 22 11:01:13 CET 2008


Hi,

Presently my system is configured in such a way that FreeRADIUS checks
whether the user is present in the LDAP server and then searches to find
the user's group in LDAP.

Is there a way I can avoid this? Basically, I want to see if a user is
present in the LDAP server; if he is present, I will go ahead and authorize
him instead of finding his group etc.

My LDAP configuration in radiusd.conf at present is:

ldap ldap_primary {
                server = 157.235.205.31
                port = 389
                identity = "cn=Administrator,cn=Users,dc=xyt,dc=dyx,dc=com"
                password = temppass
                basedn = cn=Users,dc=xyt,dc=dyx,dc=com
                filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                access_attr = "dialupacces"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                password_attribute = UserPassword
                groupname_attribute = cn
                groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember==%{Ldap-UserDn})))"
                groupmembership_attribute = radiusGroupName
                timeout = 4
                timelimit = 3
                net_timeout = 5
                access_attr_used_for_allow = no
        }

I am using radius server version 1.1.6.

Thanks in advance
-gnr