LDAP Group Membership
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 25 15:23:02 CEST 2014
On 25 Apr 2014, at 14:00, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 25/04/14 12:11, Arran Cudbard-Bell wrote:
>
>> Again 'Woha'.
>>
>> AD allows bitwise filters?! That's pretty cool.
>>
>> Someone with AD want to test and see if it allows the string form?
>
> Not sure what you mean by "string form". You can definitely do a plain old LDAP query with that syntax.

:1.2.840.113556.1.4.1941: == :LDAP_MATCHING_RULE_IN_CHAIN:
Just the OID is quite opaque...

> Couple of things to note - the "find all groups a user is in" form is *very* slow for me. The "find if a user is in a group" requires a base DN search against the user object, just like the tokenGroups magic attribute (I assume it does the same thing under the hood).

OK

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
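
Added example (not part of the original message and not FreeRADIUS code): the two query forms discussed above, built as LDAP search parameters in Python, with the DN escaped per RFC 4515 before it is placed in the filter. The function names, the example.org DNs and the returned dict layout are assumptions for illustration; no LDAP connection is made.

```python
# Added example: builds search parameters only, nothing is sent to a server.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (from the thread)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so that a DN containing
    '(', ')', '*', a backslash or NUL cannot change the filter structure."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def is_member_search(user_dn: str, group_dn: str) -> dict:
    """'Is this user in this group, nested groups included?'
    Base-scope search against the user object itself."""
    flt = "(memberOf:%s:=%s)" % (IN_CHAIN_OID, escape_filter_value(group_dn))
    return {"base": user_dn, "scope": "base", "filter": flt}


def all_groups_search(user_dn: str, groups_base_dn: str) -> dict:
    """'Which groups is this user in?' Subtree search under the groups
    container; this is the form reported as very slow in the thread."""
    flt = "(member:%s:=%s)" % (IN_CHAIN_OID, escape_filter_value(user_dn))
    return {"base": groups_base_dn, "scope": "sub", "filter": flt}


if __name__ == "__main__":
    # Constructed sample DNs; the user DN deliberately contains characters
    # that are special in both DN syntax and filter syntax.
    user = "CN=Smith\\, J (admin),OU=Staff,DC=example,DC=org"
    group = "CN=VPN Users,OU=Groups,DC=example,DC=org"
    for params in (is_member_search(user, group),
                   all_groups_search(user, "OU=Groups,DC=example,DC=org")):
        print(params)
```

A match on the base-scope search means the user is a direct or nested member; an empty result means the user is not.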