No group membership attribute(s) found in user object

Boudjoudad Abdelkader boujoudad at gmail.com
Thu Mar 14 22:43:39 CET 2019


Thanks Alan,
We are using LDAP 389 Directory Server and not AD. What do I have to change
in the if condition?

On Thu, Mar 14, 2019, 17:11 Alan DeKok <aland at deployingradius.com> wrote:

> On Mar 14, 2019, at 5:00 PM, Boudjoudad Abdelkader <boujoudad at gmail.com>
> wrote:
> > I'm trying to update the post-auth using the condition in default file as
> > below:
> > if (&LDAP-Group == "groupname") {
>
>   That's for LDAP groups.
>
> > Or
> > if (&Group-Name == "groupname") {
>
>   That's for Unix groups.  i.e. from /etc/group
>
> > And in ldap file:
> > ldap {
> > ...
> > base_dn = 'cn=users,cn=accounts,dc=example,dc=com'
> > ...
> > }
> > ...
> > group {
> > base_dn = "${..base_dn}"
> > filter = '(objectClass=posixGroup)'
>
>   Active Directory doesn't do Posix groups.  You need to use "group".
>
> > name_attribute = cn
> > membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
> > membership_attribute = memberOf
> > cacheable_name = 'yes'
> > cacheable_dn = 'yes'
> > # cache_attribute = 'LDAP-Cached-Membership'
> >
> > But I'm getting:
> > No group membership attribute(s) found in user object
> >
> > What am I missing?
>
>   There's no group member attribute in the user object.
>
>   The recent versions of the server have instructions on configuring LDAP
> with Active Directory:
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/ldap
>
>   Alan DeKok.


More information about the Freeradius-Users mailing list