Group checking in ldap authorization
Phil Mayers
p.mayers at imperial.ac.uk
Tue Mar 22 15:46:55 CET 2011
On 22/03/11 14:24, Robert Roll wrote:
> Below is what I have in my authorization section. I
>
> update control {
> ldapADut-Ldap-Group := "cn=chemVLAN,OU=Groups,OU=UofURadius,dc=ad,dc=utah,dc=edu"
> }
>
> ldapADut {
> notfound = reject
> }
Where did you get this from? It's totally wrong.
Try:
if (Ldap-Group == chemVLAN) {
}
Ldap-Group (or modname-Ldap-Group) is a "virtual" attribute, that will
perform the group membership check when you run a comparison.
More information about the Freeradius-Users
mailing list