LDAP Search Questions
ryuukuu
pgltechnologies at gmail.com
Wed Mar 14 20:04:05 CET 2012
Hello All,
I've got a question about the settings for limiting access/authentication to
a specific LDAP group. I have set up a group on my OpenLDAP server called "RADIUS",
and I want the users in it to be the only ones that have access. The
problem I am having is with the filters. Below is my /etc/raddb/modules/ldap
(I removed a lot of the comments for posting):
# FreeRADIUS ldap module settings as posted. The opening "ldap {" line is
# not shown in the post; the final "}" below closes it.
#
# Directory server and port. 389 is the plain LDAP port and start_tls is
# "no" in the tls section below, so as configured the bind password and all
# search results travel unencrypted between the RADIUS server and the
# directory.
server = "example.com"
port = "389"
# Account the module binds as to search the directory (password redacted by
# the poster). A read-only account limited to the attributes RADIUS needs,
# plus tight file permissions on this file, limits the damage if it leaks.
identity = "cn=example,dc=company,dc=local"
password = xxxxx
# Base DN under which user entries are searched.
basedn = "ou=People,dc=company,dc=local"
# Every filter line below is commented out, so no user filter is set
# explicitly in this file. The second "filter" candidate is also not usable
# as written: "organizationalPerson" is misspelled, the two terms are not
# joined under an operator such as "&", and the line is cut off after "(de".
# access_attr = ?
# filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
# filter = "(objectclass=ogranizationalPerson)(de"
# base_filter = "(objectclass=organizationalPerson)"
# Number of connections to the directory and the timeout settings.
# NOTE(review): units are not shown here - confirm against the module
# documentation.
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
# TLS is off: start_tls = no and every certificate option is commented out.
# To protect the bind password and the userPassword values read below,
# enable start_tls, point cacertfile/cacertdir at the CA that signed the
# directory's certificate, and set require_cert = "demand" so the server
# certificate is verified.
tls {
start_tls = no
# cacertfile = /path/to/cacert.pem
# cacertdir = /path/to/ca/dir/
# certfile = /path/to/radius.crt
# keyfile = /path/to/radius.key
# randfile = /path/to/rnd
# require_cert = "demand"
}
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${confdir}/ldap.attrmap
# LDAP attribute read as the user's password; its value is fetched over the
# unencrypted connection configured above.
password_attribute = userPassword
auto_header = yes
# None of the group options is active: groupname_attribute,
# groupmembership_filter and groupmembership_attribute are all commented
# out, so nothing set explicitly in this file limits logins to the "RADIUS"
# group.
# NOTE(review): group restriction is normally expressed as a group check in
# the server policy (e.g. on Ldap-Group), not through the user search
# filter - confirm for the FreeRADIUS version in use.
# NOTE(review): the quoted value below looks like it was wrapped off the
# commented groupmembership_filter line by the mail client; on its own line
# it is not commented.
# groupname_attribute = cn
# groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
# compare_check_items = yes
# do_xlat = yes
# chase_referrals = yes
# set_auth_type = yes
}