LDAP Groups to Freeradius and then Ruckus Wireless?
a.cudbardb at freeradius.org
Wed May 28 12:51:48 CEST 2014
On 28 May 2014, at 11:10, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:
> Hi again,
> So I'm now working with version 3.0.3 and I have moved all of my configs to
> the new format. I can do, as I did on v2.1.2, group checking in users file
> via the Ldap-Group virtual attribute. That's fine, but it's not what I need.
> I need the group info to be forwarded to the client, and I'm trying to do so
> in mods-available/ldap (symlinked to mods-enabled/). As there is no
> ldap.attrmap file and the update section in mods-available/ldap seems to be
> for that purpose, I'm mapping attributes there:
> reply:Ruckus-User-Groups := 'control:memberOf'
> Ruckus-User-Groups is defined in a dictionary file for vendor Ruckus. But
> any kind of attribute that I think may fit there I have already tried
> (memberOf, Ldap-Group, Ldap-Membership...), and no matter what I try I see a
> line like this in the debug output:
> ldap : Attribute 'control:memberOf' not found in LDAP Object
*sigh* why could you add control: to the start of memberOf attribute? LDAP has
no idea what lists are.
reply:Ruckus-User-Group += 'memberOf'
Add that and it should work, if it doesn't work post the debug output.
> So my question is: how can I have freeradius run the logic behind Ldap-Group
> and put that info in the reply? Because if I try it from users file
> Ldap-Group is recognized and run, but from ldap config it just doesn't find
> the attribute.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users