group authorization

brendan kearney bpk678 at gmail.com
Sat Mar 29 21:32:26 CET 2014


Not an option for me right now, but is something I will look to do
On Mar 29, 2014 4:29 PM, "Arran Cudbard-Bell" <a.cudbardb at freeradius.org>
wrote:


On 29 Mar 2014, at 19:53, Brendan Kearney <bpk678 at gmail.com> wrote:

> resending.  rejected because of size.  previously attached screenshot
> moved to imgur.  http://imgur.com/MvEuJXb
>
> On Sat, 2014-03-29 at 11:07 -0400, Brendan Kearney wrote:
>> Reran this test, with a packet capture running to validate the returned
>> data from my directory.
>>
>> As expected, the authN works but the authZ fails.  the uid is being
>> populated with the username and not the DN.  The problem is that the
>> directory is replying with a successful lookup, and is giving back the
>> DN of my id.  See attached screenshot of the packet capture.  the blue
>> highlighted lines indicate the reply from the directory with the DN.
>>
>> where do i continue looking for the reason why the DN is not being
>> populated as the value to the variable "control:Ldap-UserDn"?

Honestly, just move to 3.0.2. The LDAP code in v2.x.x looked like an
incontinent Chihuahua or other small kickable type dog, had dragged
it's way across a source file.

It got rewritten twice, once by Alan to get the code into something
understandable by humans, and then once again by me to get rid of all
the weird legacy crap like the attrmap file.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140329/bcf5be54/attachment.html>


More information about the Freeradius-Users mailing list