ldap stuff (v 2.1.1)
Kenneth Grady
klg at lanl.gov
Tue Mar 10 15:26:23 CET 2009
I would like to have an ldap group that is another instance of ldap
(selected by departmentNumber), but I don't see how to add it into the
configuration (users file).
ldap everyonePlusMacs {
server = "ldap"
basedn = "dc=example,dc=com"
filter =
"(|(&(objectClass=person)(employeenumber=%{User-Name}))(&(objectClass=pers
on)(uid=%{User-Name}))(companyHostMacAddress=%{User-Name}))"
...
groupname_attribute = cn
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=employeeNumber=%{User-Name},ou=peo
ple,dc=lanl,dc=gov))(&(objectClass=GroupOfNames)(memberUid=%{User-Name}))))"
}
ldap NetworkingOnly {
server = "ldap"
basedn = "dc=example,dc=com"
filter =
"(|(&(objectClass=person)(employeenumber=%{User-Name})(departmentNumber=IT))(&(objectClass=pers
on)(uid=%{User-Name})(departmentNumber=IT)))"
...
}
ldap SalesOnly {
server = "ldap"
basedn = "dc=example,dc=com"
filter =
"(|(&(objectClass=person)(employeenumber=%{User-Name})(departmentNumber=Sales)(&(objectClass=pers
on)(uid=%{User-Name})(departmentNumber=Sales)))"
...
}
More information about the Freeradius-Users
mailing list