LDAP OU based authentication
Alan DeKok
aland at deployingradius.com
Tue Oct 30 16:48:53 CET 2018
On Oct 30, 2018, at 10:27 AM, Tom Yard <tomyyard at gmail.com> wrote:
> But now, the AD has changed and it hasn't groups anymore. So I have to do
> an OU based authentication for the users:
That's unfortunate. Groups really are a lot simpler.
> Basedn: OU=technology,OU=mexico,DC=company,DC=com
>
> I've read that DN's are also accepted as LDAP-Group values, so now I'm
> using this condition:
>
> If (LDAP-Group == "OU=technology,OU=mexico,DC=company,DC=com")...
>
> but it doesn't work.
Because that OU isn't an LDAP group.
>
> Please how can I authenticate users in accordance with their OU and not
> their groups?
You need to run a custom LDAP query, and see if it returns any results:
    if ("%{ldap:... query OU and User}") {
        ... matched
    }
    else {
        ... it didn't match...
    }
What that query is depends on your LDAP config. I'm not enough of an expert in LDAP to say more.
Alan DeKok.
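
An added example of the kind of query described in the reply above; it is not part of the original message and not Alan DeKok's code. It assumes FreeRADIUS v3, an rlm_ldap instance named "ldap", the default "noop" instance of the always module, and that users are identified by the AD attribute sAMAccountName; only the base DN comes from the question.

```unlang
# Added example, to be placed in the authorize section of a virtual server.
# Assumptions: the LDAP module instance is called "ldap" and the login name
# is stored in sAMAccountName.
authorize {
    # The ldap expansion takes an LDAP URL:
    #   ldap:///<base DN>?<attribute to return>?<scope>?<filter>
    #   base DN : the OU from the original question
    #   scope   : "sub" also matches users in OUs nested below that OU;
    #             use "one" to accept only entries directly inside it
    #   filter  : selects the entry of the user being authenticated
    # When no entry under the base DN matches, the expansion is an empty
    # string, and an empty string evaluates to false.
    if ("%{ldap:ldap:///OU=technology,OU=mexico,DC=company,DC=com?sAMAccountName?sub?(sAMAccountName=%{User-Name})}") {
        # The user has an entry under the OU: continue normal processing.
        noop
    }
    else {
        # No entry under the OU, or the lookup failed: deny access.
        reject
    }
}
```

If User-Name arrives with a realm or domain prefix, the filter needs the stripped form of the name, otherwise it will never match sAMAccountName.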
More information about the Freeradius-Users
mailing list