LDAP filter by OU Group

Brian Candler b.candler at pobox.com
Thu Dec 8 12:07:50 CET 2016


On 08/12/2016 07:56, Albert K wrote:
> It is perfectly good and working if I filter by "Group name"  in my case
> called "special" but I do not want to tag eveyone (quite a number of users)
> in the OU with another group just for wifi.

It sounds like you're not talking about group membership then, but the 
OU component of the user's DN?

In that case, perhaps what you want is a regexp match on the DN:

     if (&LDAP-UserDN =~ /,ou=foo,dc=example,dc=com$/i) {

"$" matches end of string, and "i" means "case insensitive"

HTH,

Brian.



More information about the Freeradius-Users mailing list