LDAP Group Membership
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 25 13:52:57 CEST 2014
On 25 Apr 2014, at 12:11, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 25 Apr 2014, at 11:44, Fajar A. Nugraha <list at fajar.net> wrote:
>
>> On Fri, Apr 25, 2014 at 5:36 PM, Arran Cudbard-Bell
>> <a.cudbardb at freeradius.org> wrote:
>>>
>>> On 25 Apr 2014, at 07:02, <peter.geiser at id.unibe.ch> <peter.geiser at id.unibe.ch> wrote:
>>>
>>>> When you use AD then the following simple query will do all the hard workŠ
>>>>
>>>> Recursive Group Memberships
>>>> (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
>>>>
>>>> Or as config snipped:
>>>>
>>>> group {
>>>> base_dn = 'dc=foo,dc=bar'
>>>> scope = 'sub'
>>>> name_attribute = cn
>>>> membership_filter =
>>>> "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})"
>>>>
>>>> cacheable_name = "yes"
>>>> cacheable_dn = "no"
>>>> }
>>>>
>>>
>>> Woha, crazy. I don't even want to know what black magic that's invoking.
>>>
>>> Do you have any documentation on it? It'd be good to include a note in
>>> the default config.
>>
>> Pasting the magic numbers to Google give this link:
>> http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
>
> Again 'Woha'.
Which is the British spelling of Woah :)
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140425/5d204fbf/attachment.pgp>
More information about the Freeradius-Users
mailing list