group membership on LDAP/AD servers

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jul 26 17:14:23 CEST 2019


> 
>> I noticed that when defining the <server>-Ldap_Group as you suggested, the <server> prefix must match the name defined for a single server, otherwise it fails:
> 
>  Yes.
> 
>> is there a way to refer to the group of servers (something like group 389DS in authorize and the corresponding 389DS-Ldap-Group in users)?
> 
>  Unfortunately, no.

https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/ldap#L333

Set the same cache attribute for each module, and enable cacheable_name or cacheable_dn.

Whichever module is called in the redundant section will populate the group list, which you can then check in unlang.

-Arran
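
A sketch of the setup described above, added here as an example and not taken from the original message or the FreeRADIUS documentation. The instance names (`ldap1`, `ldap2`), the hosts, the attribute name `LDAP-Cached-Membership` and the group `vpn-users` are assumed placeholders, and the elided settings stand for your existing configuration.

```conf
# raddb/mods-enabled/ldap: two instances sharing one cache attribute.
# Instance names and hosts are placeholders for this example.
ldap ldap1 {
	server = 'ds1.example.org'
	# ... identity, password, base_dn, user { } as already configured ...

	group {
		# ... existing base_dn, filter, name_attribute, membership settings ...

		# Fetch all of the user's groups when the user object is found
		# and cache them by name (use cacheable_dn to cache DNs instead).
		cacheable_name = 'yes'

		# Same attribute in every instance, instead of the default
		# per-instance <instance>-LDAP-Group.
		cache_attribute = 'LDAP-Cached-Membership'
	}
}

ldap ldap2 {
	server = 'ds2.example.org'
	# ... same settings as ldap1, pointing at the second directory ...

	group {
		cacheable_name = 'yes'
		cache_attribute = 'LDAP-Cached-Membership'
	}
}

# raddb/sites-enabled/default
authorize {
	# Whichever instance answers populates LDAP-Cached-Membership.
	redundant {
		ldap1
		ldap2
	}

	# Check the cached list in the control list, independent of
	# which server was used. 'vpn-users' is a placeholder group name.
	if (&control:LDAP-Cached-Membership[*] == 'vpn-users') {
		noop
	}
	else {
		reject
	}
}
```

With `cacheable_name` the cached values are group names; with `cacheable_dn` they are full DNs, so the comparison string in the condition has to match the form you cache.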