group membership on LDAP/AD servers
Stefano Cailotto [EDALab]
stefano.cailotto at edalab.it
Fri Jul 26 17:49:41 CEST 2019
Thanks,
unfortunately I'm using 2.2.8 (and my customer doesn't want to upgrade at the
moment (as for Alan's previous reply).
On 7/26/19 5:14 PM, Arran Cudbard-Bell wrote:
>>> I noticed that when defining the <server>-Ldap_Group as you suggested, the <server> prefix must match the name defined for a single server, otherwise it fails:
>> Yes.
>>
>>> is there a way to refer to the group of servers (something like group 389DS in authorize and the corresponding 389DS-Ldap-Group in users)?
>> Unfortunately, no.
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/ldap#L333
>
> Set the same cache attribute for each module, and enable cacheable_name or cacheable_dn.
>
> Whichever module is called in the redundant section will populate the group list, which you can then check in unlang.
>
> -Arran
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefano Cailotto
---------------------------------------------------------------------------
EDALab s.r.l. - Networked Embedded Systems
Sede operativa:
Via ca Nova Zampieri, 12, 37057 San Giovanni Lupatoto (VR) - Italy
Sede legale:
Cà Vignal 2, Strada Le Grazie, 15, 37134 Verona - Italy
C.F./P.IVA/Iscr. Reg. Imprese di Verona n. 03706250234
Numero REA: VR - 358813
Capitale sociale: 10.000 euro
---------------------------------------------------------------------------
email: stefano.cailotto at edalab.it
web: http://www.edalab.it | https://www.box-io.com
skype: stefano.cailotto
tel: +39-045-257-0357
mobile: +39-391-731-0244
---------------------------------------------------------------------------
More information about the Freeradius-Users
mailing list