Authenticating groups via LDAP
John Dennis
jdennis at redhat.com
Fri May 21 23:19:55 CEST 2010
On 05/21/2010 05:10 PM, John Maher wrote:
>
>
> On 05/21/2010 10:44 AM, John Maher wrote:
>
>> I didn't notice what you pointed out, but it's telling. Actually, the
>> thing I noticed and am confused by is that the filter I have in
>> /etc/freeradius/modules/ldap (is that simply the configuration file for
>> rlm_ldap?) is this:
>>
>> groupmembership_filter =
>> "(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))"
>>
>> So why is the filter in the output this:
>>
>> (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
>
> I just figured this part out. The radiusd.conf file has an Include
> /etc/freeradius/modules statement, and there was a file in the modules
> directory called ldap.dpkg-old in that directory that was overriding the
> ldap config file. That doesn't mean everything works, but at least that
> mystery is solved.

I think Josip Rodin is maintaining the deb packages. If somehow the old
config files are overriding the new config files in the deb packages
then you and Josip might want to work out what the problem is, sounds
like a packaging bug. I've cc'ed Josip on this email, I know he reads
this list but might not be paying attention to this thread.
--
John Dennis <jdennis at redhat.com>
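
A check for the situation described in this thread, as an added example that is not part of the original message or of FreeRADIUS: it lists package-manager leftovers such as `ldap.dpkg-old` in a directory that is included wholesale, and reports module blocks defined in more than one file. The suffix list, the simplified block parsing and the function names are assumptions made for illustration; the sample directory is constructed.

```python
import re
import tempfile
from pathlib import Path

# Suffixes left behind by dpkg, rpm and editors (assumed list; extend as needed).
STALE_SUFFIXES = (".dpkg-old", ".dpkg-dist", ".dpkg-new", ".dpkg-tmp",
                  ".rpmsave", ".rpmnew", ".rpmorig", ".bak", ".orig", "~")
# A block opener such as "ldap {" or "ldap campus {" (second word = instance name).
BLOCK_RE = re.compile(r"^([A-Za-z0-9_]+)(?:\s+([A-Za-z0-9_.-]+))?\s*\{\s*$")
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')

def top_level_blocks(text):
    """Return the instance names of blocks opened at brace depth 0."""
    names, depth = [], 0
    for raw in text.splitlines():
        # Blank out quoted strings first so '#', '{' and '}' inside them are ignored.
        line = QUOTED_RE.sub('""', raw).split("#", 1)[0].strip()
        m = BLOCK_RE.match(line)
        if depth == 0 and m:
            names.append(m.group(2) or m.group(1))
        depth += line.count("{") - line.count("}")
    return names

def audit_include_dir(path):
    """Return (stale file names, {block name: files defining it more than once})."""
    stale, owners = [], {}
    for f in sorted(Path(path).iterdir()):
        if not f.is_file():
            continue
        if f.name.endswith(STALE_SUFFIXES):
            stale.append(f.name)
        for name in top_level_blocks(f.read_text(errors="replace")):
            owners.setdefault(name, []).append(f.name)
    return stale, {n: fs for n, fs in owners.items() if len(fs) > 1}

def demo():
    """Audit a constructed modules directory reproducing the case in this thread."""
    current = ('ldap {\n  groupmembership_filter = "(&(objectClass=posixGroup)'
               '(memberUid=%{Stripped-User-Name:-%{User-Name}}))"\n}\n')
    old = ('ldap {\n  groupmembership_filter = "(|(&(objectClass=GroupOfNames)'
           '(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)'
           '(uniquemember=%{Ldap-UserDn})))"\n}\n')
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("ldap", current), ("ldap.dpkg-old", old), ("pap", "pap {\n}\n")):
            (Path(d) / name).write_text(body)
        return audit_include_dir(d)

if __name__ == "__main__":
    print(demo())
```

On a real system, call `audit_include_dir("/etc/freeradius/modules")` after package upgrades and move any reported leftovers out of the included directory.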