redundant LDAP-Group
Alexander Clouter
alex at digriz.org.uk
Thu Dec 2 14:12:58 CET 2010
Josip Rodin <joy at entuzijast.net> wrote:
>
>> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis, ldap_login1-LDAP-Group == it-switch-admin
>> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis, ldap_login2-LDAP-Group == it-switch-admin
>>
>> instantiate {
>> ldap_login1
>> ldap_login2
>
> This sounds like you're comparing attributes called "ldap_login1-LDAP-Group"
> and "ldap_login2-LDAP-Group". Presumably these are generated with those
> distinct names, by your two LDAP module instances.
>
> How do the definitions of those two look like?
> IOW have you tried using a common LDAP attribute map in both?
>
http://wiki.freeradius.org/Rlm_ldap#Group_Support
Cheers
--
Alexander Clouter
.sigmonster says: Screw up your courage! You've screwed up everything else.
More information about the Freeradius-Users
mailing list