LDAP Group Membership

peter.geiser at id.unibe.ch
Mon Apr 28 13:57:17 CEST 2014


No, it’s not possible; I tried it.


The documentation says:

<attribute name>:<matching rule OID>:=<value>


So (member:1.2.840.113556.1.4.1941:=(cn=user1,cn=users,DC=x)) works, but
(member:LDAP_MATCHING_RULE_IN_CHAIN:=(cn=user1,cn=users,DC=x)) does not, because
"LDAP_MATCHING_RULE_IN_CHAIN" is a string and not an OID.

Which special user attribute do you mean? MemberOf? I think this works
only when the user is a direct member and not via nested groups.

- Peter

On 28.04.14 13:23, "Arran Cudbard-Bell" <a.cudbardb at freeradius.org> wrote:

>
>On 28 Apr 2014, at 06:35, peter.geiser at id.unibe.ch wrote:
>
>> :) There is no magic - it's all documented by Microsoft:
>> 
>> - MSDN: http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
>> - TechNet: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
>> 
>>
>
>Yes, there's another way to do it automatically too by looking for a
>special attribute in the user object.
>
>I'm just wondering if it's possible to specify the OID by its text name,
>some of the other Microsoft documentation suggests it would be. Could
>someone try it and let me know?
>
>-Arran
>
>Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>FreeRADIUS Development Team
>
>FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
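
Added example, not part of the original messages and not FreeRADIUS code: since the filter string only accepts the numeric OID, a client can resolve the symbolic name itself before building the extensible-match filter. The function names are hypothetical, and the user DN is written as an RFC 4515-escaped assertion value without surrounding parentheses so that a DN taken from user input cannot alter the filter.

```python
import re

# Symbolic names used in Microsoft's documentation, mapped to the numeric
# OIDs that have to appear in the filter string itself.
AD_MATCHING_RULES = {
    "LDAP_MATCHING_RULE_BIT_AND": "1.2.840.113556.1.4.803",
    "LDAP_MATCHING_RULE_BIT_OR": "1.2.840.113556.1.4.804",
    "LDAP_MATCHING_RULE_IN_CHAIN": "1.2.840.113556.1.4.1941",
}

_OID_RE = re.compile(r"\d+(\.\d+)+")
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def resolve_rule(rule):
    """Return the numeric OID for a symbolic rule name or a dotted OID."""
    oid = AD_MATCHING_RULES.get(rule, rule)
    if not _OID_RE.fullmatch(oid):
        raise ValueError("not a known matching rule name or numeric OID: %r" % rule)
    return oid


def escape_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def nested_member_filter(user_dn, rule="LDAP_MATCHING_RULE_IN_CHAIN",
                         attribute="member"):
    """Build (<attribute>:<matching rule OID>:=<value>) for a user DN."""
    if not _ATTR_RE.fullmatch(attribute):
        raise ValueError("invalid attribute name: %r" % attribute)
    return "(%s:%s:=%s)" % (attribute, resolve_rule(rule), escape_value(user_dn))


if __name__ == "__main__":
    # Constructed sample DN, same shape as the one in the message above.
    print(nested_member_filter("cn=user1,cn=users,DC=x"))
```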