LDAP Group Membership
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 25 12:36:04 CEST 2014
On 25 Apr 2014, at 07:02, <peter.geiser at id.unibe.ch> <peter.geiser at id.unibe.ch> wrote:
> When you use AD then the following simple query will do all the hard workŠ
>
> Recursive Group Memberships
> (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
>
> Or as config snipped:
>
> group {
> base_dn = 'dc=foo,dc=bar'
> scope = 'sub'
> name_attribute = cn
> membership_filter =
> "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})"
>
> cacheable_name = "yes"
> cacheable_dn = "no"
> }
>
Woha, crazy. I don't even want to know what black magic that's invoking.
Do you have any documentation on it? It'd be good to include a note in
the default config.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140425/c4473fee/attachment.pgp>
More information about the Freeradius-Users
mailing list