authentification ldap subgroup

REYNALD chekhina tchek14 at
Mon Apr 29 12:25:08 CEST 2013

I have found the solution just add this group membership filter in /etc/raddb/modules/ldap file.
groupmembership_filter = "(&(objectcategory=group)(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn}))"

From: tchek14 at
To: freeradius-users at
Subject: authentification ldap subgroup
Date: Wed, 24 Apr 2013 10:49:42 +0200

Hello all ! 
I have configured freeradius 2.1.12-4 with ldap group authorization. My problem is it's doesn't work with subgroup. 
I have a group with subgroup and when ldap verify group of user it doesn't see subgroup of user.
my ldap configuration modules :
ldap {#Note that this needs to match the name in the LDAP#Server certificate, if usin ldaps.server = ""identity = "cn=user_ldap,ou=users,dc=toto,dc=local"password = Toto1basedn = "dc=toto,dc=local"#filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))"filter = "(&(objectclass=user)(objectcategory=user)(userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}}*))"
# Group membership checking.  Disabled by default.
#groupname_attribute = cngroupmembership_filter = "(|(&(objectClass=group)(member=%Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))"groupmembership_attribute = memberOf
chase_referrals = yesrebind = yes}

Anyone can help me ?

Thanks in advance ! 		 	   		  

List info/subscribe/unsubscribe? See 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list