Conditional attributes with AD
Scott McLane Gardner
sgardne at uark.edu
Tue Mar 13 14:32:51 CET 2012
>
>Try looking at the groupmembership_filter option - work out a
>search that works on the command line (with a filter), and then
>fit that filter into the ldap config.
>
>It should probably something like (untested)
>
>groupname_attribute = cn
>groupmembership_filter = "(&(objectClass=group)(member=%{Ldap-UserDn}))"
>groupmembership_attribute = memberOf
>
>Run in debug, look at what it's actually searching, match to the
>config file, tweak, rinse & repeat.
>
>Matthew
Thank you! This was the pointer I needed to get this working. I'm sure
I'll have lots more questions about other aspects soon.
-Scott
More information about the Freeradius-Users
mailing list