authentification ldap subgroup

REYNALD chekhina tchek14 at hotmail.com
Mon Apr 29 12:25:08 CEST 2013


I have found the solution just add this group membership filter in /etc/raddb/modules/ldap file.
groupmembership_filter = "(&(objectcategory=group)(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn}))"

From: tchek14 at hotmail.com
To: freeradius-users at lists.freeradius.org
Subject: authentification ldap subgroup
Date: Wed, 24 Apr 2013 10:49:42 +0200




Hello all ! 
I have configured freeradius 2.1.12-4 with ldap group authorization. My problem is it's doesn't work with subgroup. 
I have a group with subgroup and when ldap verify group of user it doesn't see subgroup of user.
my ldap configuration modules :
ldap {#Note that this needs to match the name in the LDAP#Server certificate, if you.re usin ldaps.server = "192.168.1.3"identity = "cn=user_ldap,ou=users,dc=toto,dc=local"password = Toto1basedn = "dc=toto,dc=local"#filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))"filter = "(&(objectclass=user)(objectcategory=user)(userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}}*))"
# Group membership checking.  Disabled by default.
#groupname_attribute = cngroupmembership_filter = "(|(&(objectClass=group)(member=%Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))"groupmembership_attribute = memberOf
chase_referrals = yesrebind = yes}

Anyone can help me ?

Thanks in advance ! 		 	   		  

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130429/55d5e061/attachment.html>


More information about the Freeradius-Users mailing list