LDAP Group assign to vlan after AD user authentication
Arnaud Loonstra
arnaud at z25.org
Tue Jan 24 11:56:58 CET 2012
On 01/24/2012 08:48 AM, Arran Cudbard-Bell wrote:
[snip]
>
> IIRC the LDAP Module is actually smart enough to figure out whether you passed in a DN as a group or just a groupname, so in theory if you have the filters and search depth set correctly you can just use Ldap-Group == "mygroup".
>
> -Arran
[snip]
Indeed the LDAP module is smart enough however from a optimisation point
of view I prefer to enter the full DN of the group. This way only one
query is performed on the LDAP tree. Otherwise it will do more queries
to find what it needs.
Rg,
Arnaud
More information about the Freeradius-Users
mailing list