LDAP Group Membership
Josh Essar
jessar at kvcc.edu
Fri Apr 25 19:45:32 CEST 2014
Peter Geiser wrote:
> When you use AD then the following simple query will do all the hard workŠ
>
> Recursive Group Memberships
> (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
Awesome! That will come in handy in the future. Thank you!
Phil Mayers wrote:
> Couple of things to note - the "find all groups a user is in" form is
> *very* slow for me. The "find if a user is in a group" requires a base
> DN search against the user object, just like the tokenGroups magic
> attribute (I assume it does the same thing under the hood).
Ah, I see the difference. Much faster. Thank you!
More information about the Freeradius-Users
mailing list