Operator "!=" not allowed for LDAP group comparisons
Alan DeKok
aland at deployingradius.com
Mon Feb 17 18:42:39 UTC 2025
On Feb 17, 2025, at 1:32 PM, Rodrigo Antunes via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hi, how can I reject an ldap user if it is not member of a group by using the users file?
Use a policy in unlink.
> But in the logs I see this:
>
> ERROR: files: Operator "!=" not allowed for LDAP group comparisons
Exactly.
In a policy, you can do:
if (!(LDAP-Group == "foo") ...
This is a limitation of the way the LDAP-Group attribute is implemented, and how the "users" file works.
Alan DeKok.
More information about the Freeradius-Users
mailing list