No group membership attribute(s) found in user object
Boudjoudad Abdelkader
boujoudad at gmail.com
Thu Mar 14 22:43:39 CET 2019
Thanks Alan,
We are using LDAP 389 Directory Server and not AD. What do I have to change
in the if condition?
On Thu, Mar 14, 2019, 17:11 Alan DeKok <aland at deployingradius.com> wrote:
> On Mar 14, 2019, at 5:00 PM, Boudjoudad Abdelkader <boujoudad at gmail.com>
> wrote:
> > I'm trying to update the post-auth using the condition in default file as
> > below:
> > if (&LDAP-Group == "groupname") {
>
> That's for LDAP groups.
>
> > Or
> > if (&Group-Name == "groupname") {
>
> That's for Unix groups. i.e. from /etc/group
>
> > And in ldap file:
> > ldap {
> > ...
> > base_dn = 'cn=users,cn=accounts,dc=example,dc=com'
> > ...
> > }
> > ...
> > group {
> > base_dn = "${..base_dn}"
> > filter = '(objectClass=posixGroup)'
>
> Active Directory doesn't do Posix groups. You need to use "group".
>
> > name_attribute = cn
> > membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
> > membership_attribute = memberOf
> > cacheable_name = 'yes'
> > cacheable_dn = 'yes'
> > # cache_attribute = 'LDAP-Cached-Membership'
> >
> > But I'm getting:
> > No group membership attribute(s) found in user object
> >
> > What am I missing?
>
> There's no group member attribute in the user object.
>
> The recent versions of the server have instructions on configuring LDAP
> with Active Directory:
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/ldap
>
> Alan DeKok.