LDAP Group Membership
Fajar A. Nugraha
list at fajar.net
Fri Apr 25 12:44:20 CEST 2014
On Fri, Apr 25, 2014 at 5:36 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>
> On 25 Apr 2014, at 07:02, <peter.geiser at id.unibe.ch> <peter.geiser at id.unibe.ch> wrote:
>
>> When you use AD then the following simple query will do all the hard workŠ
>>
>> Recursive Group Memberships
>> (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
>>
>> Or as config snipped:
>>
>> group {
>> base_dn = 'dc=foo,dc=bar'
>> scope = 'sub'
>> name_attribute = cn
>> membership_filter =
>> "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})"
>>
>> cacheable_name = "yes"
>> cacheable_dn = "no"
>> }
>>
>
> Woha, crazy. I don't even want to know what black magic that's invoking.
>
> Do you have any documentation on it? It'd be good to include a note in
> the default config.
Pasting the magic numbers to Google give this link:
http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
--
Fajar
More information about the Freeradius-Users
mailing list