Active directory integration and grant access based on AD group membership
Alan DeKok
aland at deployingradius.com
Wed Feb 15 18:21:42 CET 2017
On Feb 15, 2017, at 12:15 PM, Luc Paulin <paulinster at gmail.com> wrote:
>
> Ok thanks for your reply .. I think that I now start to better understand
> how this works.. So policies need/can be written within the auth so we
> can reject requests based on the person's group membership and huntgroup ..
>
> So based on this I made this simple switch case that I added to the
> authorize section after the ldap module

OK.

> However when I test I don't seem to be getting the expected result.
>
> ++[pap] = noop

You're running version 2. Ugh. Why not upgrade to a version of the server which was released in the last 5 years?

> Looks like the Ldap-Group did find that the user is a member of the
> devopsuser group, which is correct, however, when I do the negative compare
> (!=) it also returns true. I have also tried with "==" and got the exact same
> result,

In v2, you have to do:

    if (!(LDAP-Group == "foo")) {

This is fixed in v3. There are a LOT of good reasons for upgrading to v3.

Alan DeKok.

More information about the Freeradius-Users mailing list