Fwd: Re: Users-file and LDAP backend mixing questions

tnt at kalik.net tnt at kalik.net
Thu Jan 22 01:10:27 CET 2009

>>> I've checked the sources - rlm_ldap NEVER sets Ldap-Group attribute. It is used for comparison only :(
>>> Only option seems to be testing for Ldap-Group != "".
>>> Ivan Kalik
>>It will not work. Quote from rlm_ldap.c:
>>static int ldap_groupcmp(void *instance, REQUEST *req,
>>                         UNUSED VALUE_PAIR *request, VALUE_PAIR *check,
>>        if (check->vp_strvalue == NULL || check->length == 0){
>>                DEBUG("rlm_ldap::ldap_groupcmp: Illegal group name");
>>                return 1;
>>        }
>>It seems to me, that writing some patch is the only solution for my problem :)
>I have a feeling that the same (you can check the value but not use it as
>an attribute) applies to SQL-Group. I will check that one.

Yes, SQL-Group is the same.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list