LDAP Search Questions

ryuukuu pgltechnologies at gmail.com
Wed Mar 14 20:04:05 CET 2012


Hello All,

I've got a question about the settings for limiting access/authentication to
a specific LDAP group. I have set up a group on my OpenLDAP server called "RADIUS"
and I want the users in it to be the only ones that have access. The
problem I am having is with the filters. Below is my /etc/raddb/modules/ldap
(I removed a lot of the comments to keep the post short):

	# FreeRADIUS LDAP module settings as posted. The opening line of the
	# section is not part of the post; only its closing brace is shown.
	#
	# NOTE(review): port 389 together with "start_tls = no" (see the tls
	# block below) means the service-account bind and every search result
	# cross the network unencrypted.
	server = "example.com"
	port = "389"
	# Service account the module binds as before searching.
	# NOTE(review): presumably a dedicated read-only account; confirm it has
	# no more directory rights than the lookups here require.
	identity = "cn=example,dc=company,dc=local"
	# Bind credential, redacted by the poster. It is stored in clear text in
	# this file, so the file's permissions matter.
	password = xxxxx
	# Subtree that user searches start from.
	basedn = "ou=People,dc=company,dc=local"
	# All of the filter/access lines below are commented out, so none of
	# them is in effect; whatever defaults the module ships with apply.
#	access_attr = ?
#	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	# NOTE(review): the next line is not a usable filter as written: the
	# object class is misspelled and the expression is cut off after "(de".
#	filter = "(objectclass=ogranizationalPerson)(de"	
#	base_filter = "(objectclass=organizationalPerson)"

	# Connection pool size and timeouts, as posted.
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
	tls {
		# StartTLS is off and every certificate option is commented out,
		# so the connection is neither encrypted nor authenticated.
		# NOTE(review): to protect the bind password and the userPassword
		# values read below, enable start_tls, point cacertfile/cacertdir
		# at the CA that issued the LDAP server certificate, and keep
		# require_cert at "demand" so an unverified server is rejected.
		start_tls = no

		# cacertfile	= /path/to/cacert.pem
		# cacertdir		= /path/to/ca/dir/
		# certfile		= /path/to/radius.crt
		# keyfile		= /path/to/radius.key
		# randfile		= /path/to/rnd
		# require_cert	= "demand"
	}

	# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
	# profile_attribute = "radiusProfileDn"
	# access_attr = "dialupAccess"
	# Mapping of RADIUS dictionary attributes to LDAP
	# directory attributes.
	dictionary_mapping = ${confdir}/ldap.attrmap
	# The module reads each user's stored password from userPassword, so the
	# bind account above needs read access to that attribute.
	# NOTE(review): with TLS disabled these values are exposed on the wire.
	 password_attribute = userPassword
	 auto_header = yes
	# The group options below are commented out, so nothing in this excerpt
	# limits access to the "RADIUS" group.
	# NOTE(review): membership is normally enforced by a group comparison in
	# policy (for example an Ldap-Group check) rather than by the user search
	# filter; confirm against the documentation for the installed version.
	# NOTE(review): the filter value following "groupmembership_filter ="
	# was wrapped onto its own line without a leading "#", which looks like
	# a mail line-wrap artifact; as a literal config line it would not parse.
	# groupname_attribute = cn
	# groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
	# groupmembership_attribute = radiusGroupName
	# compare_check_items = yes
	# do_xlat = yes
	# chase_referrals = yes
	# set_auth_type = yes
}

