Authenticating groups via LDAP

John Dennis jdennis at
Fri May 21 23:19:55 CEST 2010

On 05/21/2010 05:10 PM, John Maher wrote:
> On 05/21/2010 10:44 AM, John Maher wrote:
>> I didn't notice what you pointed out, but it's telling.  Actually, the
>> thing I noticed and am confused by is that the filter I have in
>> /etc/freeradius/modules/ldap (is that simply the configuration file for
>> rlm_ldap?) is this:
>> groupmembership_filter =
>> "(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))"
>> So why is the filter in the output this:
>> (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
> I just figured this part out.  The radiusd.conf file has an Include
> /etc/freeradius/modules statement, and there was a file in the modules
> directory called ldap.dpkg-old in that directory that was overiding the
> ldap config file.  That doesn't mean everything works, but at least that
> mystery is solved.

I think Josip Rodin is maintaining the deb packages. If somehow the old 
config files are overriding the new config files in the deb packages 
then you and Josip might want to work out what the problem is, sounds 
like a packaging bug. I've cc'ed Josip on this email, I know he reads 
this list but might not be paying attention to this thread.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list