group membership on LDAP/AD servers

Stefano Cailotto [EDALab] stefano.cailotto at
Fri Jul 26 17:49:41 CEST 2019


unfortunately I'm using 2.2.8 (and my customer doesn't want to upgrade at the 
moment (as for Alan's previous reply).

On 7/26/19 5:14 PM, Arran Cudbard-Bell wrote:
>>> I noticed that when defining the <server>-Ldap_Group as you suggested, the <server> prefix must match the name defined for a single server, otherwise it fails:
>>   Yes.
>>> is there a way to refer to the group of servers (something like group 389DS in authorize and the corresponding 389DS-Ldap-Group in users)?
>>   Unfortunately, no.
> Set the same cache attribute for each module, and enable cacheable_name or cacheable_dn.
> Whichever module is called in the redundant section will populate the group list, which you can then check in unlang.
> -Arran
> -
> List info/subscribe/unsubscribe? See

  Stefano Cailotto
  EDALab s.r.l. - Networked Embedded Systems
  Sede operativa:
  Via ca Nova Zampieri, 12, 37057 San Giovanni Lupatoto (VR) - Italy
  Sede legale:
  Cà Vignal 2, Strada Le Grazie, 15, 37134 Verona - Italy
  C.F./P.IVA/Iscr. Reg. Imprese di Verona n.  03706250234
  Numero REA: VR - 358813
  Capitale sociale: 10.000 euro
  email:  stefano.cailotto at
  web: |
  skype:  stefano.cailotto
  tel:    +39-045-257-0357
  mobile: +39-391-731-0244

More information about the Freeradius-Users mailing list