group authorization

Jan-Frode Myklebust janfrode at tanso.net
Wed Mar 26 08:57:57 CET 2014


On Tue, Mar 25, 2014 at 10:41:45PM -0400, Alan DeKok wrote:
> 
>   You did post the debug output in your first message, which was nice:
> 
> Debug:
>   [ldap] performing search in dc=bpk2,dc=com, with filter (uid=brendan)
> 
> You:
> the actual member "value" in the group is the "long"
> version of the uid (uid=brendan,ou=Users,dc=bpk2,dc=com).  is there
> something i can do to use the "long" version?
> 
> Me:
>   Edit the "filter" configuration in raddb/modules/ldap

Should this maybe be the "groupmembership_filter" instead of the "filter"?

Could you please post the output of:

	ldapsearch -h ldap.bpk2.com -D "cn=Manager,dc=bpk2,dc=com" -W -b dc=bpk2,dc=com "(uid=brendan)"

and similar for a group search?



  -jf


More information about the Freeradius-Users mailing list