Authenticating groups via LDAP

John Maher john at chem.umass.edu
Fri May 21 23:10:09 CEST 2010



On 05/21/2010 10:44 AM, John Maher wrote:

> I didn't notice what you pointed out, but it's telling.  Actually, the
> thing I noticed and am confused by is that the filter I have in
> /etc/freeradius/modules/ldap (is that simply the configuration file for
> rlm_ldap?) is this:
> 
> groupmembership_filter =
> "(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))"
> 
> So why is the filter in the output this:
> 
> (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))

I just figured this part out.  The radiusd.conf file has an Include
/etc/freeradius/modules statement, and there was a file in the modules
directory called ldap.dpkg-old that was overriding the
ldap config file.  That doesn't mean everything works, but at least that
mystery is solved.

John
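
The cause found in this message, a leftover ldap.dpkg-old being read from the included modules directory alongside the real ldap file, can be checked for mechanically. The shell functions below are an added example, not part of the original post or of FreeRADIUS; the function names and the list of leftover suffixes are assumptions.

```shell
#!/bin/sh
# Added example: audit a config directory that is included wholesale
# (e.g. /etc/freeradius/modules) for leftovers that shadow live config.

# List files whose names look like package-manager or editor leftovers.
# The suffix list is an assumption; extend it for your distribution.
stray_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.dpkg-old|*.dpkg-dist|*.dpkg-new|*.rpmsave|*.rpmnew|*.orig|*.bak|*~)
                echo "$f" ;;
        esac
    done
}

# Report block headers ("ldap {" or "ldap ldap2 {", starting in column 0)
# that are defined in more than one file. Output: header<TAB>file.
duplicate_modules() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v f="$f" '
            /^[A-Za-z_][A-Za-z0-9_-]*([ \t]+[A-Za-z0-9_-]+)?[ \t]*[{]/ {
                sub(/[ \t]*[{].*/, "")      # keep only the header text
                print $0 "\t" f
            }' "$f"
    done | LC_ALL=C sort | awk -F '\t' '
        $1 == prev { if (!shown) print prevline; print; shown = 1; next }
        { prev = $1; prevline = $0; shown = 0 }'
}

# Stand-alone use: sh audit.sh /etc/freeradius/modules
if [ "$#" -gt 0 ]; then
    echo "Leftover files:";            stray_files "$1"
    echo "Blocks defined more than once:"; duplicate_modules "$1"
fi
```

Any file the first function lists should be moved out of the included directory; the second function shows which module definition it collides with.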


