Different BaseDN for User/Group Objects in rlm_ldap
misch at schwartzkopff.org
Wed Jan 9 09:43:49 CET 2013
Am Mittwoch, 9. Januar 2013, 09:29:48 schrieb Rudolph Bott:
> Hi List,
> we are currently using rlm_ldap to check against a LDAP backend, which
> works fine so far. rlm_ldap is configured to use a BaseDN of
> "ou=poeple,dc=example,dc=org". We have also specified a group membership
> filter and are trying to enforce group memberships via the combination
> of huntgroups-file and Ldap-Group-Settings in the users file.
> According to debug output, this seems to work (since freeradius is
> trying to find the groups specified in the users file).
> However, our groups are stored underneath "ou=groups,dc=example,dc=org"
> - so rlm_ldap is not able to find them with the basedn shown above. We
> are also not able to change the basedn to something else, since there is
> a different user-tree underneath dc=example,dc=org which should not be
> taken into account by freeradius.
> Is there is possibility to set a different basedn for group lookups OR
> another feasable solution (e.g. modify the filter...?). Filter and
> groupmembership_filter are currently set to:
> filter =
> groupname_attribute = cn
> groupmembership_filter =
> Debug output states this:
> rlm_ldap: performing search in ou=poeple,dc=example,dc=org, with filter
Change the baseDN in the ldap module configuration of FR to
Dr. Michael Schwartzkopff
Tel: (0163) 172 50 98
Fax: (089) 620 304 13
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users