Authenticating groups via LDAP
John Maher
john at chem.umass.edu
Fri May 21 23:10:09 CEST 2010
On 05/21/2010 10:44 AM, John Maher wrote:
> I didn't notice what you pointed out, but it's telling. Actually, the
> thing I noticed and am confused by is that the filter I have in
> /etc/freeradius/modules/ldap (is that simply the configuration file for
> rlm_ldap?) is this:
>
> groupmembership_filter =
> "(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))"
>
> So why is the filter in the output this:
>
> (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))

I just figured this part out. The radiusd.conf file has an Include
/etc/freeradius/modules statement, and there was a file in the modules
directory called ldap.dpkg-old in that directory that was overriding the
ldap config file. That doesn't mean everything works, but at least that
mystery is solved.

John
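
A check for the situation described in this message, as an added example that is not part of the original post or of FreeRADIUS: it lists leftover backup files in an included configuration directory and reports any top-level block (such as `ldap { ... }`) that is defined in more than one file. The function names and the list of backup suffixes are assumptions chosen for illustration; the directory to audit is passed as the first argument.

```shell
#!/bin/sh
# Audit a config directory that the server includes wholesale.
# Assumption (from the post): every file in the directory is read, so a
# leftover such as ldap.dpkg-old can override the intended ldap file.

# Print files whose names carry package-manager or editor backup suffixes.
stale_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.dpkg-old|*.dpkg-dist|*.dpkg-new|*.rpmsave|*.rpmnew|*.orig|*.bak|*~)
                echo "$f" ;;
        esac
    done
}

# Print "block<TAB>file" for each top-level "name {" or "type name {" line.
# Brace depth is tracked so nested sections are not reported; the braces in
# expansions such as %{User-Name} are balanced and do not disturb the count.
top_blocks() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }
            {
                line = $0
                if (depth == 0 && line ~ /^[ \t]*[A-Za-z_][A-Za-z0-9_.-]*([ \t]+[A-Za-z_][A-Za-z0-9_.-]*)?[ \t]*[{]/) {
                    sub(/^[ \t]+/, "", line)
                    sub(/[ \t]*[{].*/, "", line)
                    print line "\t" file
                }
                depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            }' "$f"
    done
}

# Print "block: file1 file2 ..." for blocks defined in more than one file.
duplicate_blocks() {
    top_blocks "$1" | awk -F '\t' '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (b in n) if (n[b] > 1) print b ":" files[b] }' | sort
}

# Stand-alone use: sh audit.sh /etc/freeradius/modules
if [ -d "${1:-}" ]; then
    echo "Backup-style files:";    stale_files "$1"
    echo "Blocks defined twice:";  duplicate_blocks "$1"
fi
```
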