cacheable groups for ldap

dextá dexter7bbot at gmail.com
Mon May 22 16:12:09 UTC 2023


Hello,

Is there any limit on how many groups can be cached via the ldap module?

I ask because I have some users who have 80 groups in their profile. This
is because we use AD + Moodle to manage the courses.

This particular user is unable to connect to the Wi-Fi. I suspect that the
reason might be having too many groups in their profile.

ldap module
----------------
ldap haproxy-dc {
    server = 172.16.7.230
    port = 389
    identity = 'CN=Administrator,CN=Users,dc=mydc,dc=net'
    password = ******
    base_dn = 'dc=mydc,dc=net'
    group_dn = 'OU=GRUPOS,dc=mydc,dc=net'

    user {
        base_dn = "OU=USUARIOS,${..base_dn}"
        filter = "(samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = 'sub'
        access_positive = yes
    }

    group {
        base_dn = "OU=GRUPOS,${..base_dn}"
        filter = "(objectClass=group)"
        scope = 'base'
        name_attribute = cn
        membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
        membership_attribute = 'memberOf'
        cacheable_name = 'no'
        cacheable_dn = 'yes'
        cache_attribute = 'LDAP-Group'
    }

    options {
        chase_referrals = yes
        rebind = yes
        res_timeout = 20
        srv_timelimit = 20
        net_timeout = 10
        idle = 60
        probes = 3
        interval = 3
        ldap_debug = 0x0028
    }

    tls {
    }

    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
}

freeradius version: 3.2

