Granting varied levels of NAS permission based on LDAP group membership
Michael Ströder
michael at stroeder.com
Fri Apr 22 15:57:36 UTC 2022
On 4/22/22 14:21, Nick Porter wrote:
> To get a user's nested group membership in the LDAP-Group attribute, you
> need to use the membership_filter configuration item, rather than
> membership_attribute, using the appropriate Active Directory extended
> match filter:
>
> membership_filter =
> "(member:1.2.840.113556.1.4.1941:=%{control:${..user_dn}})"
Note that this matching rule only works with MS Active Directory, but
not with other LDAP servers.
Not sure whether the original poster uses MS AD.
Ciao, Michael.
More information about the Freeradius-Users
mailing list