Active Directory integration and grant access based on AD group membership

Alan DeKok aland at deployingradius.com
Wed Feb 15 18:21:42 CET 2017


On Feb 15, 2017, at 12:15 PM, Luc Paulin <paulinster at gmail.com> wrote:
> 
> Ok, thanks for your reply. I think that I now start to better understand
> how this works. So policies need/can be written within the auth so we
> can reject requests based on the person's group membership and huntgroup.
> 
> So based on this I made this simple switch case that I added to the
> authorize section after the ldap module

  OK.

> However, when I test I don't seem to be getting the expected result.
> 
> ++[pap] = noop

  You're running version 2.  Ugh.  Why not upgrade to a version of the server which was released in the last 5 years?

> Looks like the Ldap-Group did find that the user is a member of the
> devopsuser group, which is correct; however, when I do the negative compare
> (!=) it also returns true.  I have also tried with "==" and got the exact same
> result,

  In v2, you have to do:

	if (!(LDAP-Group == "foo")) {

  This is fixed in v3.  There are a LOT of good reasons for upgrading to v3.

  Alan DeKok.



