LDAP usage

Jean Carlos Coelho coelho at teltecsolutions.com.br
Wed Dec 11 17:20:43 CET 2013


Hi,

Is there some way to configure ldap at radius to read only object classes and not groups? To allow or reject the access to some destination?

Eg.


  groupname_attribute = cn

  groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{User-Name})(objectclass=brEduPerson))"

My LDAP server does not have groups, so I can’t use the above… how can I get some object classes? Instead of groups? Like (search logs in debug down):

uid=69327181034
brEduAffiliation
brEntranceDate: 20091008
brEduAffiliation: 1
brEduAffiliationType: employee
objectClass: brEduPerson

uid=02494605059
brEduAffiliation=1
brEntranceDate: 20120110
brEduAffiliation: 1
brEduAffiliationType: student
objectClass: brEduPerson

The search returns this:


Wed Dec 11 14:18:44 2013 : Info: +- entering group post-auth {...}

Wed Dec 11 14:18:44 2013 : Info: ++? if (LDAP-Group == "student")

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] Entering ldap_groupcmp()

Wed Dec 11 14:18:44 2013 : Info: expand: ou=people,dc=DOMAIN,dc=EDU -> ou=people,dc=DOMAIN,dc=EDU

Wed Dec 11 14:18:44 2013 : Info: expand: (&(objectClass=posixGroup)(memberUid=%{User-Name})(objectclass=brEduPerson)) -> (&(objectClass=posixGroup)(memberUid=74879995053)(objectclass=brEduPerson))

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] ldap_get_conn: Checking Id: 0

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] ldap_get_conn: Got Id: 0

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] performing search in ou=people,dc=DOMAIN,dc=EDU, with filter (&(cn=student)(&(objectClass=posixGroup)(memberUid=74879995053)(objectclass=brEduPerson)))

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] object not found

Wed Dec 11 14:18:44 2013 : Debug:   [ldap] ldap_release_conn: Release Id: 0

Wed Dec 11 14:18:44 2013 : Debug: rlm_ldap::ldap_groupcmp: Group student not found or user is not a member.

Wed Dec 11 14:18:44 2013 : Info: ? Evaluating (LDAP-Group == "student") -> FALSE

Thank You
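
The debug log in the post shows how the group check composes its search: the `groupname_attribute` test is ANDed with the expanded `groupmembership_filter`. The following is an added example (not part of the original post and not FreeRADIUS code) that rebuilds that filter and evaluates it with a minimal matcher against constructed entries shaped like the ones in the post; `group_filter`, `search` and the per-user attribute filter used with it are hypothetical illustrations, not FreeRADIUS configuration.

```python
# Constructed entries modelled on the attributes listed in the post.
ENTRIES = [
    {"uid": ["69327181034"], "brEduAffiliation": ["1"], "brEntranceDate": ["20091008"],
     "brEduAffiliationType": ["employee"], "objectClass": ["brEduPerson"]},
    {"uid": ["02494605059"], "brEduAffiliation": ["1"], "brEntranceDate": ["20120110"],
     "brEduAffiliationType": ["student"], "objectClass": ["brEduPerson"]},
]

def parse(f, i=0):
    """Parse an LDAP filter string into a tree. Simplified: only &, |, !
    and equality are supported, and escaped characters are not handled."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ")"
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive compare)."""
    if node[0] == "=":
        vals = [v.lower() for k, vs in entry.items() if k.lower() == node[1] for v in vs]
        return node[2] in vals
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def search(filter_str, entries=ENTRIES):
    """Return the uid of every entry that satisfies the filter."""
    tree, _ = parse(filter_str)
    return [e["uid"][0] for e in entries if matches(tree, e)]

def group_filter(group, name_attr, membership_filter, user):
    """Compose the filter as the debug log shows it:
    (&(<name_attr>=<group>)<expanded membership filter>)."""
    return "(&(%s=%s)%s)" % (name_attr, group,
                             membership_filter.replace("%{User-Name}", user))

if __name__ == "__main__":
    mf = "(&(objectClass=posixGroup)(memberUid=%{User-Name})(objectclass=brEduPerson))"
    f = group_filter("student", "cn", mf, "02494605059")
    print(f, "->", search(f))             # no entry has objectClass=posixGroup or cn
    per_user = "(&(uid=02494605059)(brEduAffiliationType=student))"  # hypothetical
    print(per_user, "->", search(per_user))
```

The composed group filter cannot match because the person entries carry neither `objectClass=posixGroup` nor a `cn`/`memberUid` pair, whereas a filter over the user's own attributes does.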