LDAP Groups and EAP

Alan DeKok aland at deployingradius.com
Wed Jan 16 17:03:19 CET 2008


John Dennis wrote:
>>   Where is the LDAP-UserDN being set from?
> 
> It is set by rlm_ldap by performing an LDAP search on the USER_NAME
> attribute. If the search succeeds the ldap-userdn is set to the dn the
> user name was found under. This dn can then be used to efficiently point
> to the user data in the LDAP tree, think of it as a pointer (cursor) to
> be used in future LDAP queries in subsequent processing.

  Ah.  In 2.0, it's stored in the control items, not in the incoming
request:

  %{control:LDAP-UserDn} ...

  Alan DeKok.



More information about the Freeradius-Users mailing list